evani

Members
  • Content Count

    11
  • Joined

  • Last visited

Community Reputation

0 Neutral

About evani

  • Rank
    Member
  1. [email protected] as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=43f8071b3bc66e4aab7356e3a38fb0d2 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-03-07 08:20:02 # local_time=2010-03-07 08:20:02 (+0000, GMT Standard Time) # country="United Kingdom" # lang=9 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 1125572 1125572 0 0 # compatibility_mode=768 16777215 100 0 40182226 40182226 0 0 # compatibility_mode=1024 16777215 100 0 10016486 10016486 0 0 # compatibility_mode=5892 16776574 100 100 10192872 105520706 0 0 # compatibility_mode=8192 67108863 100 0 3743 3743 0 0 # scanned=189714 # found=136 # cleaned=136 # scan_time=5223 C:\Qoobox\Quarantine\C\ProgramData\Seekapp\seekapp132.exe.vir Win32/Adware.OneStep.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x8600360f.tmp.vir a variant of Win32/Kryptik.CMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86005b58.tmp.vir a variant of Win32/Kryptik.CMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Alisayar_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Anita_jonsson555_click-BIGGERLOADS.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Anita_jonsson555_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Bdmiller60_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Bryant_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\BUY_PERMANENTGROW.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Buy_Rx_Here.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Buy_Rx_Here08.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Buy_Rx_Here091.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Buy_Rx_Here11.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Buy_Rx_Here5.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Cia78a_click_PERMANENTGrowth.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\ClickHere_SAVEHUGEon_RX.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Clifton_Buy_HERBALVIAGRA.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Cody139x_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Cornelissenkevin12_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Cowhole2000-Lose-10poundsIn10days.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Debeer76_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Dennis_Buy_HERBALVIAGRA.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Dna_polychrisase-Lose-10poundsIn10days.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Dna_polychrisase_10POUNDSIN10DAYSDIET.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Eanichols6_BUY_PHARMACY.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Eanieto_BUY_PHARMACY.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Eanikina_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Evani70_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Forsmanm_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Foxy_chicka1_click-BIGGERLOADS.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Holder_Buy_HERBALVIAGRA.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Hotchick5287_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Hotchick5287_click_LAST-LONGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Hotchick5287_click_PERMANENTGrowth.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Jenkins_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Kendrick_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Manuel_collins_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Mcamposanop_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Mckay_Buy_HERBALVIAGRA.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Melendez_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Messer_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Natasha230_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Nguyen_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Nytnyt-Lose-10poundsIn10days.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Orangesocks4me-Lose-10poundsIn10days.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Orangesocks4me_10POUNDSIN10DAYSDIET.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Pporresi_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Punjabian23_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Quinn_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Rjjm88-Lose-10poundsIn10days.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Sandraleturgez_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Sapphire824_click_LASTLONGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Scoldwell1_click_LASTLONGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Sheridan_Buy_HERBALVIAGRA.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Sherlyn102_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Sirius1935_click-BIGGERLOADS.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Steffi1967_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Thuglife_007_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Tilly531_click-onlineRX.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Valou150_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\Witherspoon_Buy_HERBALVIAGRA.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{01316B72-666E-4CF3-8918-7C05BA8CE444}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{029E5B1A-7F08-4CC4-A976-D17296D300C1}\BUY_HERBALVIAGRA.HTM JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{049C220B-2D77-444C-B4BC-04EF65C929A1}\BUY_PERMANENTGROW.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{0534E691-C396-45CD-999A-ABE5DC1C7A44}\Debeer76_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{10A6FA65-4BF8-461D-8C84-C642E81F1D8A}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{1547D82A-6ECA-4D57-8FD6-7D4C06F88A7C}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{1AF14062-2659-4980-A11F-021D66C841F5}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{1B102CC3-05A8-485B-BB64-52A9E04F1702}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{1D339D30-008A-4C42-8058-963A9D491693}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{22E51A12-FBCD-4275-B54B-304336F39147}\BUY_HERBALVIAGRA.HTM JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{266FE5CB-D5D4-45AF-A299-C667DB34BD4E}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{27257D75-2D97-427F-8E01-5037E035B7EE}\Kim_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{27B5D6EE-4905-4977-97F3-9DDB0159A6DA}\Debeer76_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{286DFF63-CDEB-404A-A835-AC3731634676}\Nytnyt-Lose-10poundsIn10days.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{28AD11A6-24F8-451D-AC17-78173FD5EE37}\Alisayar_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{2A52EA02-CFD4-4A17-890A-D0E5E27BA9B4}\Alisayar_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{32043F7D-3140-466D-B1EA-2A5503B51168}\Clifton_Buy_HERBALVIAGRA.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{32F3DDAC-695A-4B1C-BDB2-3EEF8436119D}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{3A4AC3DA-BDA1-4BD0-BE5B-FE840CC8800A}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{47A685FA-CA52-48B1-BE4B-03E47E12BD62}\Dna_polychrisase-Lose-10poundsIn10days.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{4C96B0B9-D509-4B2A-AA95-70D73A4D83EC}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{52C0B7B0-DDF9-4F25-87DF-6D1098F75B60}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{53E314A0-2B54-4EEF-8200-E725E1E8492A}\Debeer76_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{588D356F-B381-4930-BCF7-A5909832C353}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{5990E4C3-A54A-4EAD-8412-E1525169DACA}\Kim_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{5B4AF694-EABE-4B63-A58E-3B047388D9BB}\Kim_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{5B7984B0-BF61-4B5B-BB7A-8DCDDB50F9EB}\Kendrick_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{6099B0E4-C3E7-4CA8-BF05-1A5A19722729}\Debeer76_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{64E0FD4B-F133-4DEF-B1CA-D333D3368E74}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{691D244B-C4FD-4F3B-809F-382EB8C6EE8B}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{6AFC973E-3DE1-4F0B-9000-A661EE4BAAAC}\Cornelissenkevin12_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{6BD9752B-2947-4BBC-AE89-6FD554797D98}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{73401E0E-A7B4-4A3A-9F81-C6B5A3B2CB4B}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{74D1035D-E6DC-4CC0-92F1-7E9F530E84B5}\Debeer76_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{77C1CE13-1164-4009-99A7-7EEE83BA3BA5}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{7E7F3EEE-3A11-4C40-B65D-158870476AA8}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{829F6E9B-EAA3-4C0A-887C-BD0CCF666718}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{88778CA1-BA2E-48ED-95E9-56DE88E74120}\Witherspoon_Buy_HERBALVIAGRA.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{8F1EFACE-3EA3-4133-BC2E-55B2BEFB6C17}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{92EAC36A-A982-479E-9615-DD7998F6AECD}\BUY_PERMANENTENLARG.HTM JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{9C5F577D-D943-4508-A6C5-387C65F36A56}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{A19064A1-F1B0-4162-971D-63CD87E29ACB}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{A20E6B12-4FB5-463D-B043-978CCA97AAE1}\Alisayar_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{A715A0B2-0EE0-4426-AA85-972C6E9429E9}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{B9077A18-3063-433E-AF6D-96A6D6C853A8}\Kim_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{BA269E3B-A455-425F-9FCF-93A576DFA332}\Cornelissenkevin12_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{BA583B58-66B0-44BB-BE3A-D1235BC9AA9E}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{BD75494C-ED17-447B-BF80-271FFF93625C}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{BE9B58E2-E338-459E-B745-3EC05FBCE694}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{C19BC265-56D2-4097-98B6-C58B0D563EF1}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{C1EB155F-DFFE-4C42-AF87-E537F4C9DF64}\Alisayar_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{C226F91B-7F3D-41D5-A369-8C00C8A13E38}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{C8B24F31-E0EB-42D1-B8A2-75A3ADBC2087}\Kim_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{D0D81D57-9987-48D7-9912-B448A45E9D07}\BUY_PERMANENTENLARG.HTM JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{D4478EED-9377-4048-B660-C3C269D47599}\click-HERBALVIAGRA.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{D884DED3-80D5-496A-B955-566B0FEB2864}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{EEB06D7A-B478-4309-BB57-ADEA49157B51}\Lovers694u_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{EF1A6A81-3A5F-47B0-B881-694830F7EEF6}\Kim_Buy_PermanentEnlarger.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{EFB04997-04E8-4E94-8C70-F6404A396FD5}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{F59D85D9-FB18-48C8-9389-3DBD5D294E46}\Markalsoknowastom_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{31778F0F-0190-4A1F-B394-FA4DDC5A73A6}\Message Store\Attachments\{FC849797-A376-41C4-B2AD-6AA2A0405504}\Alisayar_click-PERMANENTENLARGER.htm JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{7C8C6A72-5875-446B-9E22-7EFC85928BEA}\Message Store\Attachments\No_Obligation_Free_Quote.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{7C8C6A72-5875-446B-9E22-7EFC85928BEA}\Message Store\Attachments\Powers_START_FASTESTDIET.HTML JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{7C8C6A72-5875-446B-9E22-7EFC85928BEA}\Message Store\Attachments\WEBSITE_HERE.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{7C8C6A72-5875-446B-9E22-7EFC85928BEA}\Message Store\Attachments\{21C11A45-97B7-42BC-BBDF-36A81C806B00}\WEBSITE_HERE.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{7C8C6A72-5875-446B-9E22-7EFC85928BEA}\Message Store\Attachments\{94174C58-B28E-4B8E-B9FD-1322DCA848DE}\WEBSITE_HERE.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\AppData\Local\IM\Identities\{7C8C6A72-5875-446B-9E22-7EFC85928BEA}\Message Store\Attachments\{B742F746-60FA-4589-BBA6-434897753134}\WEBSITE_HERE.html JS/Redir.AH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\C_Users\Vladimir\Documents\Downloads\Geno Pro\Geno Pro.exe probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles3062010_100908\F_Backup Nov 2009\Downloads\Geno Pro\Geno Pro.exe probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  2. OTL logfile created on: 06/03/2010 10:40:49 - Run 2 OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Vladimir\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 177.00 Gb Total Space | 34.73 Gb Free Space | 19.62% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 931.28 Gb Total Space | 701.80 Gb Free Space | 75.36% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VAIO Current User Name: Vladimir Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color="#E56717"]========== Processes (SafeList) ==========[/color] PRC - [2010/03/03 16:13:14 | 003,320,768 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2010/02/25 21:14:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe PRC - [2010/02/04 15:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/02/04 15:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2010/01/12 14:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009/12/12 09:31:44 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2009/12/12 09:31:44 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2009/11/14 09:57:41 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/14 09:57:05 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2009/11/11 21:31:46 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009/07/06 07:59:38 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe PRC - [2009/06/23 14:23:10 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/06/23 14:23:01 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009/04/11 06:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/23 10:47:10 | 003,458,376 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7613\Webshots.scr PRC - [2009/02/25 15:17:16 | 000,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008/08/24 10:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe PRC - [2008/01/19 07:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2008/01/19 07:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2006/11/28 05:15:30 | 000,465,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2006/11/25 01:58:38 | 000,919,672 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2006/11/24 18:36:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2006/11/24 18:36:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2006/11/14 18:46:24 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe PRC - [2006/11/11 23:35:36 | 000,043,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe PRC - [2006/11/01 06:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006/10/31 13:52:08 | 000,108,136 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006/09/26 22:48:36 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2006/09/26 22:46:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2006/09/11 07:23:22 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe PRC - [2006/09/08 06:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe PRC - [2006/09/08 05:54:30 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe PRC - [2006/08/23 20:43:08 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2006/08/04 08:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe [color="#E56717"]========== Modules (SafeList) ==========[/color] MOD - [2010/02/25 21:14:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe MOD - [2010/02/04 18:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll MOD - [2009/08/21 12:43:50 | 000,151,552 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\nphooks.dll MOD - [2009/08/21 12:37:30 | 000,225,280 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\nscore.dll MOD - [2009/08/21 12:35:30 | 000,348,160 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll MOD - [2009/08/13 17:57:52 | 000,212,992 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2005/10/14 20:57:46 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\msvcp71.dll MOD - [2005/10/14 20:57:46 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\msvcr71.dll [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2010/02/04 15:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2010/01/12 14:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009/11/14 15:46:31 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca6541ab666733) Google Update Service (gupdate1ca6541ab666733) SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009/11/11 21:31:46 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/09/13 15:46:48 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/07/06 07:59:38 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\3.1\AGCoreService.exe -- (AGCoreService) SRV - [2009/06/23 14:22:57 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$VAIO_VEDB) SQL Server (VAIO_VEDB) SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/18 10:51:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2006/11/24 18:36:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2006/11/14 01:31:22 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2006/11/02 12:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/11/01 06:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006/10/31 13:52:08 | 000,108,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/24 18:32:08 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2006/10/12 02:36:02 | 000,741,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2006/10/11 23:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) SRV - [2006/10/11 23:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2006/10/09 19:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) SRV - [2006/10/09 19:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2006/10/05 02:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/10/05 02:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006/10/05 02:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/09/26 22:48:36 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2006/09/26 22:46:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2006/09/21 17:53:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2006/08/29 05:38:04 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2006/08/23 20:43:08 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2006/08/04 08:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2005/11/14 09:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) [color="#E56717"]========== Standard Registry (SafeList) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.co.uk/"]http://www.google.co.uk/[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color="#E56717"]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424 FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar&search=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 09:32:46 | 000,000,000 | ---D | M] [2009/06/28 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\mozilla\Extensions [2009/06/28 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\mozilla\Extensions\[email protected] [2009/07/20 16:58:38 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\mozilla\Firefox\Profiles\i3woe7gh.default\extensions [2009/06/17 16:24:50 | 000,002,137 | ---- | M] () -- C:\Users\Vladimir\AppData\Roaming\Mozilla\FireFox\Profiles\i3woe7gh.default\searchplugins\MyStart Search.xml [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml O1 HOSTS File: ([2010/03/06 10:09:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [DVD43] C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe (Fengtao Software Inc.) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries0000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [url="http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab"]http://upload.facebook.com/controls/2008.1...toUploader5.cab[/url] (Facebook Photo Uploader 5 Control) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [url="http://www.pcpitstop.com/betapit/PCPitStop.CAB"]http://www.pcpitstop.com/betapit/PCPitStop.CAB[/url] (PCPitstop Utility) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [url="https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab"]https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab[/url] (Image Uploader Control) O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} [url="http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll"]http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll[/url] (PCPitstop AntiVirus) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [url="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab"]http://upload.facebook.com/controls/2009.0...oUploader55.cab[/url] (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0) O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} [url="http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab"]http://webalbum.bonusprint.com/ukipc01/dow...geUploader4.cab[/url] (Bonusprint Image Uploader Version 4.5 Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} [url="https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab"]https://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab[/url] (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [url="http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab"]http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab[/url] (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/06/17 12:20:00 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color="#E56717"]========== Files/Folders - Created Within 14 Days ==========[/color] [2010/03/05 09:59:00 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Documents\AnyDVDHD [2010/03/05 09:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2010/03/05 09:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft [2010/03/05 09:18:35 | 000,000,000 | ---D | C] -- C:\MAGICDVDCOPY_TEMP [2010/03/04 21:37:10 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\Malwarebytes [2010/03/04 21:37:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/03/04 21:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/03/04 21:37:01 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/03/04 21:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/04 21:22:02 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Vladimir\Desktop\mbam-setup.exe [2010/03/04 21:21:27 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\TFC.exe [2010/03/03 21:57:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010/03/03 21:40:11 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/03/03 21:39:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/03/03 21:33:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys [2010/03/03 21:33:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Vladimir\AppData\Roaming\pcouffin.sys [2010/03/03 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Documents\PcSetup [2010/03/03 21:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\FlyDVDCopier [2010/03/01 20:04:01 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Desktop\tdsskiller [2010/02/27 11:54:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/02/27 11:54:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/02/27 11:54:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/02/27 11:51:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/02/27 11:38:18 | 000,000,000 | ---D | C] -- C:\_OTL [2010/02/25 21:14:41 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe [2010/02/22 19:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/02/22 19:12:25 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Vladimir\Desktop\HijackThisInstaller.exe [2010/02/22 19:10:12 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Desktop\gmer [2010/02/22 18:35:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/02/22 18:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/02/22 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Desktop\SysRestorePoint_v13 [2010/02/22 16:53:20 | 000,104,768 | ---- | C] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys [2010/02/22 15:19:06 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010/02/22 15:13:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010/02/22 15:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010/02/22 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [color="#E56717"]========== Files - Modified Within 14 Days ==========[/color] [2010/03/06 10:42:37 | 006,029,312 | -HS- | M] () -- C:\Users\Vladimir\NTUSER.DAT [2010/03/06 10:15:17 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib [2010/03/06 10:13:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/03/06 10:13:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/03/06 10:13:45 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/03/06 10:13:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/06 10:13:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/03/06 10:13:12 | 2143,498,240 | -HS- | M] () -- C:\hiberfil.sys [2010/03/06 10:11:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/03/06 10:11:01 | 000,524,288 | -HS- | M] () -- C:\Users\Vladimir\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/03/06 10:11:01 | 000,065,536 | -HS- | M] () -- C:\Users\Vladimir\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/03/06 10:09:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010/03/06 10:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/03/06 09:41:37 | 056,772,185 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/03/05 09:54:52 | 000,103,832 | ---- | M] () -- C:\Users\Vladimir\AppData\Local\GDIPFONTCACHEV1.DAT [2010/03/05 09:51:27 | 000,385,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/03/05 09:46:53 | 002,284,706 | -H-- | M] () -- C:\Users\Vladimir\AppData\Local\IconCache.db [2010/03/05 09:45:25 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2010/03/04 21:37:06 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/04 21:22:06 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Vladimir\Desktop\mbam-setup.exe [2010/03/04 21:21:33 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\TFC.exe [2010/03/03 21:55:02 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/03/03 21:36:22 | 004,118,254 | R--- | M] () -- C:\Users\Vladimir\Desktop\ComboFix.exe [2010/03/03 21:33:58 | 000,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys [2010/03/03 21:33:58 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Vladimir\AppData\Roaming\pcouffin.sys [2010/03/03 21:33:58 | 000,007,887 | ---- | M] () -- C:\Users\Vladimir\AppData\Roaming\pcouffin.cat [2010/03/03 21:33:57 | 000,001,144 | ---- | M] () -- C:\Users\Vladimir\AppData\Roaming\pcouffin.inf [2010/03/03 21:33:55 | 000,000,792 | ---- | M] () -- C:\Users\Vladimir\Desktop\Fly DVD Copier.lnk [2010/02/27 08:07:29 | 000,756,706 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/02/27 08:07:29 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/02/27 08:07:29 | 000,118,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/02/25 21:14:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe [2010/02/22 19:13:27 | 000,001,874 | ---- | M] () -- C:\Users\Vladimir\Desktop\HijackThis.lnk [2010/02/22 19:12:26 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Vladimir\Desktop\HijackThisInstaller.exe [2010/02/22 18:34:39 | 000,000,714 | ---- | M] () -- C:\Users\Vladimir\Desktop\ERUNT.lnk [2010/02/22 16:53:20 | 000,104,768 | ---- | M] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys [2010/02/22 15:13:42 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010/02/21 17:29:11 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2010/03/05 09:56:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010/03/05 09:45:25 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2010/03/04 21:37:06 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/03 21:38:31 | 000,000,034 | ---- | C] () -- C:\Users\Vladimir\AppData\Roaming\pcouffin.log [2010/03/03 21:33:58 | 000,007,887 | ---- | C] () -- C:\Users\Vladimir\AppData\Roaming\pcouffin.cat [2010/03/03 21:33:57 | 000,001,144 | ---- | C] () -- C:\Users\Vladimir\AppData\Roaming\pcouffin.inf [2010/03/03 21:33:55 | 000,000,792 | ---- | C] () -- C:\Users\Vladimir\Desktop\Fly DVD Copier.lnk [2010/02/28 12:22:18 | 2143,498,240 | -HS- | C] () -- C:\hiberfil.sys [2010/02/27 11:54:06 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010/02/27 11:54:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/02/27 11:54:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/02/27 11:54:06 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/02/27 11:54:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/02/27 11:45:59 | 004,118,254 | R--- | C] () -- C:\Users\Vladimir\Desktop\ComboFix.exe [2010/02/22 19:13:27 | 000,001,874 | ---- | C] () -- C:\Users\Vladimir\Desktop\HijackThis.lnk [2010/02/22 18:34:39 | 000,000,714 | ---- | C] () -- C:\Users\Vladimir\Desktop\ERUNT.lnk [2010/02/22 18:30:23 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010/02/22 15:13:42 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010/01/23 11:08:02 | 000,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI [2009/12/13 15:01:15 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll [2009/11/23 19:58:15 | 000,000,586 | ---- | C] () -- C:\Windows\Calendar.INI [2009/11/14 18:41:32 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL [2009/11/14 18:41:31 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009/10/27 11:45:38 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini [2009/10/27 11:44:11 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv [2009/10/27 11:44:10 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2009/09/11 12:28:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/02 10:39:47 | 000,000,193 | ---- | C] () -- C:\Windows\hppsapp.INI [2009/07/21 11:17:35 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2009/07/21 11:17:35 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2009/06/23 08:25:27 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2009/06/17 15:50:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\SSGK2PNP.DLL [2009/06/17 15:33:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Dll_OTHER_ENG.dll [2009/02/16 22:12:27 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95C5778315.sys [2009/02/16 22:12:26 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2008/11/27 17:51:18 | 000,099,840 | ---- | C] () -- C:\Users\Vladimir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/06/02 18:07:26 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2007/05/21 16:05:35 | 000,001,356 | ---- | C] () -- C:\Users\Vladimir\AppData\Local\d3d9caps.dat [2006/12/23 02:54:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2006/12/23 02:49:42 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2006/12/23 02:44:11 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2006/12/01 00:15:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/01 01:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/08/10 23:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll [2005/07/23 05:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2005/05/07 04:40:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PalmDB.dll [color="#E56717"]========== LOP Check ==========[/color] [2009/09/13 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\AGI [2009/12/20 12:30:40 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\ContentGuard [2009/06/28 17:37:18 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\CopyTrans [2009/11/23 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\desksware [2010/03/01 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Facebook [2009/11/09 21:08:02 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\FileZilla [2009/07/08 20:04:29 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\GetRightToGo [2009/02/13 22:32:03 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\InterVideo [2009/09/27 10:24:08 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Nvu [2009/09/27 11:21:59 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Opera [2009/10/27 11:45:38 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\pdf995 [2010/02/07 10:26:28 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\TeamViewer [2009/09/13 15:38:11 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Temp [2009/06/28 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\TomTom [2009/11/15 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\TrueCrypt [2010/02/17 08:59:57 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\uTorrent [2010/03/03 21:38:31 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\VSO [2009/09/13 15:38:22 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\Webshots [2010/02/07 11:35:34 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\WindSolutions [2010/03/06 10:11:27 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color="#E56717"]========== Purity Check ==========[/color] [color="#E56717"]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BE76DBCF < End of report >
  3. Sorry, left Kaspersky to run through the day as it was taking so long! Report attached.
  4. Malwarebytes' Anti-Malware 1.44 Database version: 3825 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 05/03/2010 08:32:04 mbam-log-2010-03-05 (08-32-04).txt Scan type: Quick Scan Objects scanned: 114743 Time elapsed: 8 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  5. Here we go, finally: ComboFix 10-03-03.03 - Vladimir 03/03/2010 21:41:45.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1033.18.2045.857 [GMT 0:00] Running from: c:\users\Vladimir\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-2458546346-3750979925-821872818-500 c:\$recycle.bin\S-1-5-21-2874511185-4155292472-490868185-500 c:\$recycle.bin\S-1-5-21-3516823721-2267568922-4119331526-500 c:\documentation\_desktop.ini c:\documentation\Documentation\_desktop.ini c:\documentation\Documentation\CS\_desktop.ini c:\documentation\Documentation\DE\_desktop.ini c:\documentation\Documentation\EN\_desktop.ini c:\documentation\Documentation\ES\_desktop.ini c:\documentation\Documentation\FI\_desktop.ini c:\documentation\Documentation\FR\_desktop.ini c:\documentation\Documentation\GR\_desktop.ini c:\documentation\Documentation\IT\_desktop.ini c:\documentation\Documentation\NL\_desktop.ini c:\documentation\Documentation\PO\_desktop.ini c:\documentation\Documentation\RU\_desktop.ini c:\documentation\Documentation\SV\_desktop.ini c:\documentation\Leaflets\_desktop.ini c:\documentation\Leaflets\CS\_desktop.ini c:\documentation\Leaflets\DE\_desktop.ini c:\documentation\Leaflets\EN\_desktop.ini c:\documentation\Leaflets\ES\_desktop.ini c:\documentation\Leaflets\FI\_desktop.ini c:\documentation\Leaflets\FR\_desktop.ini c:\documentation\Leaflets\GR\_desktop.ini c:\documentation\Leaflets\IT\_desktop.ini c:\documentation\Leaflets\NL\_desktop.ini c:\documentation\Leaflets\PO\_desktop.ini c:\documentation\Leaflets\RU\_desktop.ini c:\documentation\Leaflets\SV\_desktop.ini C:\LOG.TXT c:\program files\Seekapp c:\programdata\Seekapp c:\programdata\Seekapp\seekapp132.exe c:\users\Vladimir\AppData\Roaming\inst.exe c:\users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url c:\users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url c:\users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url c:\users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url c:\windows\AUTOLNCH.REG c:\windows\jestertb.dll c:\windows\system32\spool\prtprocs\w32x8600360f.tmp c:\windows\system32\spool\prtprocs\w32x86005b58.tmp c:\windows\system32\stacsv.exe c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job . ((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 ))))))))))))))))))))))))))))))) . 2010-03-03 21:54 . 2010-03-03 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-03 21:36 . 2010-03-03 21:36 -------- d-----w- c:\windows\LastGood 2010-03-03 21:33 . 2010-03-03 21:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-03-03 21:33 . 2010-03-03 21:33 47360 ----a-w- c:\users\Vladimir\AppData\Roaming\pcouffin.sys 2010-03-03 21:33 . 2010-03-03 21:33 -------- d-----w- c:\program files\FlyDVDCopier 2010-02-27 11:38 . 2010-02-27 11:38 -------- d-----w- C:\_OTL 2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\users\Vladimir\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll 2010-02-22 19:13 . 2010-02-22 19:13 -------- d-----w- c:\program files\Trend Micro 2010-02-22 18:34 . 2010-02-22 18:34 -------- d-----w- c:\program files\ERUNT 2010-02-22 18:30 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-02-22 15:19 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-02-22 15:13 . 2010-02-22 15:13 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-02-22 15:13 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-02-22 15:12 . 2010-02-22 15:19 -------- d-----w- c:\programdata\Lavasoft 2010-02-22 15:12 . 2010-02-22 15:14 -------- d-----w- c:\program files\Lavasoft 2010-02-17 16:22 . 2010-02-17 16:22 -------- d-----w- c:\programdata\PCPitstop 2010-02-17 16:20 . 2010-02-17 16:25 -------- d-----w- c:\program files\PCPitstop 2010-02-17 15:46 . 2010-02-27 12:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-17 09:11 . 2010-02-27 12:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-02-13 18:56 . 2010-02-13 18:56 50354 ----a-w- c:\users\Vladimir\AppData\Roaming\Facebook\uninstall.exe 2010-02-13 18:56 . 2010-03-01 19:35 -------- d-----w- c:\users\Vladimir\AppData\Roaming\Facebook 2010-02-13 17:08 . 2010-02-13 17:13 -------- d-----w- C:\EFSTMPWP 2010-02-07 10:24 . 2010-02-07 10:26 -------- d-----w- c:\users\Vladimir\AppData\Roaming\TeamViewer 2010-02-07 10:24 . 2010-02-07 10:24 -------- d-----w- c:\program files\iPod 2010-02-07 10:24 . 2010-02-07 10:24 -------- d-----w- c:\program files\TeamViewer 2010-02-07 10:21 . 2010-02-07 10:21 -------- d-----w- c:\program files\QuickTime 2010-02-07 10:16 . 2010-02-07 10:16 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Vladimir\AppData\Roaming\Facebook\axfbootloader.dll 2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Vladimir\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-03 21:38 . 2009-12-30 12:34 -------- d-----w- c:\users\Vladimir\AppData\Roaming\VSO 2010-03-01 22:10 . 2009-12-18 10:21 12 ----a-w- c:\windows\bthservsdp.dat 2010-03-01 20:13 . 2009-09-11 12:28 19944 ----a-w- c:\windows\system32\drivers\atapi.sys 2010-02-17 08:59 . 2009-06-28 17:57 -------- d-----w- c:\users\Vladimir\AppData\Roaming\uTorrent 2010-02-14 20:37 . 2009-02-16 22:12 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2010-02-14 20:37 . 2009-02-16 22:12 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2010-02-14 20:37 . 2009-02-16 22:12 88 --sh--r- c:\programdata\95C5778315.sys 2010-02-14 20:37 . 2009-02-16 22:12 88 --sh--r- c:\programdata\95C5778315.sys 2010-02-14 18:14 . 2007-05-30 16:51 -------- d-----w- c:\program files\Google 2010-02-10 18:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-10 14:58 . 2009-10-28 15:01 -------- d-----w- c:\programdata\Microsoft Help 2010-02-07 11:35 . 2009-06-28 17:36 -------- d-----w- c:\users\Vladimir\AppData\Roaming\WindSolutions 2010-02-07 11:35 . 2009-06-28 17:36 -------- d-----w- c:\programdata\WindSolutions 2010-02-07 10:25 . 2009-11-15 10:57 -------- d-----w- c:\program files\iTunes 2010-02-07 10:24 . 2009-06-28 17:41 -------- d-----w- c:\program files\Common Files\Apple 2010-01-26 20:56 . 2010-01-26 20:56 -------- d-----w- c:\program files\Digiarty 2010-01-24 21:16 . 2010-01-24 21:16 -------- d-----w- c:\programdata\Office Genuine Advantage 2010-01-24 21:14 . 2007-05-21 16:05 103264 ----a-w- c:\users\Vladimir\AppData\Local\GDIPFONTCACHEV1.DAT 2010-01-24 11:43 . 2006-12-01 00:09 -------- d-----w- c:\program files\Microsoft Works 2010-01-24 11:13 . 2009-09-25 16:43 -------- d-----w- c:\program files\NCH Swift Sound 2010-01-24 11:11 . 2006-11-30 22:24 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-24 11:11 . 2007-06-02 18:04 -------- d-----w- c:\program files\Canon 2010-01-24 11:08 . 2009-11-14 18:41 -------- d-----w- c:\program files\Free Easy Burner 2010-01-24 11:06 . 2009-12-20 15:23 -------- d-----w- c:\programdata\Skype 2010-01-24 10:58 . 2010-01-24 10:58 -------- d-----w- c:\programdata\DVD Shrink 2010-01-23 11:07 . 2010-01-23 11:07 -------- d-----w- c:\program files\DVD Region+CSS Free 2010-01-22 10:48 . 2009-11-18 20:09 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-10 14:52 . 2009-09-25 16:44 -------- d-----w- c:\programdata\NCH Swift Sound 2010-01-10 11:58 . 2010-01-10 11:58 -------- d-----w- c:\program files\ffdshow 2010-01-10 11:56 . 2010-01-10 11:56 -------- d-----w- c:\program files\AC3Filter 2010-01-02 06:38 . 2010-01-21 19:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-21 19:45 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-21 19:45 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-21 19:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-20 12:17 . 2009-11-26 19:31 188501 ----a-w- c:\users\Vladimir\AppData\Roaming\ContentGuard\CGGuard2.dll 2009-12-11 11:43 . 2010-02-10 13:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-11 11:43 . 2010-02-10 13:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-08 20:01 . 2010-02-10 13:43 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-12-08 20:01 . 2010-02-10 13:43 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-08 20:01 . 2010-02-10 13:43 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 17:26 . 2010-02-10 13:43 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-12-04 18:30 . 2010-02-10 13:43 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29 . 2010-02-10 13:43 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28 . 2010-02-10 13:43 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28 . 2010-02-10 13:43 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28 . 2010-02-10 13:43 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28 . 2010-02-10 13:43 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28 . 2010-02-10 13:43 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28 . 2010-02-10 13:43 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27 . 2010-02-10 13:43 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-04 15:56 . 2010-02-10 13:43 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-12-04 15:56 . 2010-02-10 13:43 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}] 2009-03-30 04:42 278848 ----a-w- c:\windows\System32\mscoree.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-23 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-16 180269] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-23 68592] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920] "NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-02-25 45056] "DVD43"="c:\program files\DVD Region+CSS Free\DVDRegionFree.exe" [2004-10-22 278016] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] c:\users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Webshots.lnk - c:\program files\Webshots\3.1.5.7613\Launcher.exe [2009-9-13 157000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-11-24 18:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(:59,99,35,9d,f5,32,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3483080238-2169372504-635702862-1003] "EnableNotificationsRef"=dword:00000002 R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/02/2010 15:19 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [17/06/2009 15:08 333192] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [17/06/2009 15:08 360584] R1 nnrnstdi;nnrnstdi;c:\windows\System32\drivers\nnrnstdi.sys [18/12/2009 11:00 15360] R2 AGCoreService;AG Core Services;c:\program files\AGI\core\3.1\AGCoreService.exe [13/09/2009 15:37 20480] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/11/2009 21:31 285392] R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 03:27 29262680] R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032] R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [17/06/2009 16:05 5120] R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [12/01/2010 14:57 185640] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [30/11/2006 21:57 72704] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [30/11/2006 21:57 43904] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [30/11/2006 21:57 30976] R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [30/11/2006 21:58 227328] S2 gupdate1ca6541ab666733;Google Update Service (gupdate1ca6541ab666733);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2009 15:46 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 15:52 1228208] S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [23/12/2006 02:49 741376] S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [23/12/2006 02:48 397312] S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [23/12/2006 02:48 1089536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder 2010-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 15:46] 2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 15:46] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = *.local IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - [url="http://www.skybroadband.com"]http://www.skybroadband.com[/url] DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll . - - - - ORPHANS REMOVED - - - - SafeBoot-klmdb.sys ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2010-03-03 21:57:53 ComboFix-quarantined-files.txt 2010-03-03 21:57 Pre-Run: 36,131,016,704 bytes free Post-Run: 35,718,074,368 bytes free - - End Of File - - F35B513C1D6D9CBDCE853C45307E2B08
  6. The first log (when it caused a system crash and memory dump) is below, the second log (I re-ran the program after reboot) is at the bottom. I am still getting google searches being habitually re-directed to random sites, constant Windows Explorer crashes and periodic total system crashes (blue screen)... 20:04:16:142 4712 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25 20:04:16:142 4712 ================================================================================ 20:04:16:143 4712 SystemInfo: 20:04:16:143 4712 OS Version: 6.0.6002 ServicePack: 2.0 20:04:16:143 4712 Product type: Workstation 20:04:16:143 4712 ComputerName: VAIO 20:04:16:144 4712 UserName: Vladimir 20:04:16:144 4712 Windows directory: C:\Windows 20:04:16:144 4712 Processor architecture: Intel x86 20:04:16:145 4712 Number of processors: 2 20:04:16:145 4712 Page size: 0x1000 20:04:16:149 4712 Boot type: Normal boot 20:04:16:149 4712 ================================================================================ 20:04:16:191 4712 UnloadDriverW: NtUnloadDriver error 2 20:04:16:191 4712 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 20:04:16:658 4712 Initialize success 20:04:16:658 4712 20:04:16:658 4712 Scanning Services ... 20:04:16:659 4712 wfopen_ex: Trying to open file C:\Windows\system32\config\system 20:04:16:738 4712 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 20:04:16:738 4712 wfopen_ex: Trying to KLMD file open 20:04:16:738 4712 wfopen_ex: File opened ok (Flags 2) 20:04:16:739 4712 wfopen_ex: Trying to open file C:\Windows\system32\config\software 20:04:16:742 4712 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 20:04:16:742 4712 wfopen_ex: Trying to KLMD file open 20:04:16:742 4712 wfopen_ex: File opened ok (Flags 2) 20:04:18:493 4712 GetAdvancedServicesInfo: Raw services enum returned 476 services 20:04:18:503 4712 fclose_ex: Trying to close file C:\Windows\system32\config\system 20:04:18:504 4712 fclose_ex: Trying to close file C:\Windows\system32\config\software 20:04:18:504 4712 20:04:18:505 4712 Scanning Kernel memory ... 20:04:18:505 4712 Devices to scan: 3 20:04:18:505 4712 20:04:18:506 4712 Driver Name: USBSTOR 20:04:18:506 4712 IRP_MJ_CREATE : 8D5E0FC8 20:04:18:506 4712 IRP_MJ_CREATE_NAMED_PIPE : 82072A22 20:04:18:506 4712 IRP_MJ_CLOSE : 8D5E1040 20:04:18:506 4712 IRP_MJ_READ : 8D5E10B8 20:04:18:506 4712 IRP_MJ_WRITE : 8D5E10B8 20:04:18:506 4712 IRP_MJ_QUERY_INFORMATION : 82072A22 20:04:18:506 4712 IRP_MJ_SET_INFORMATION : 82072A22 20:04:18:506 4712 IRP_MJ_QUERY_EA : 82072A22 20:04:18:506 4712 IRP_MJ_SET_EA : 82072A22 20:04:18:506 4712 IRP_MJ_FLUSH_BUFFERS : 82072A22 20:04:18:506 4712 IRP_MJ_QUERY_VOLUME_INFORMATION : 82072A22 20:04:18:506 4712 IRP_MJ_SET_VOLUME_INFORMATION : 82072A22 20:04:18:506 4712 IRP_MJ_DIRECTORY_CONTROL : 82072A22 20:04:18:506 4712 IRP_MJ_FILE_SYSTEM_CONTROL : 82072A22 20:04:18:506 4712 IRP_MJ_DEVICE_CONTROL : 8D5E0BC4 20:04:18:506 4712 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8D5D47E4 20:04:18:506 4712 IRP_MJ_SHUTDOWN : 82072A22 20:04:18:507 4712 IRP_MJ_LOCK_CONTROL : 82072A22 20:04:18:507 4712 IRP_MJ_CLEANUP : 82072A22 20:04:18:507 4712 IRP_MJ_CREATE_MAILSLOT : 82072A22 20:04:18:507 4712 IRP_MJ_QUERY_SECURITY : 82072A22 20:04:18:507 4712 IRP_MJ_SET_SECURITY : 82072A22 20:04:18:507 4712 IRP_MJ_POWER : 8D5DF59C 20:04:18:507 4712 IRP_MJ_SYSTEM_CONTROL : 8D5DC7A2 20:04:18:507 4712 IRP_MJ_DEVICE_CHANGE : 82072A22 20:04:18:507 4712 IRP_MJ_QUERY_QUOTA : 82072A22 20:04:18:507 4712 IRP_MJ_SET_QUOTA : 82072A22 20:04:18:519 4712 siohd: 0 20:04:18:539 4712 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 20:04:18:539 4712 20:04:18:540 4712 Driver Name: ti21sony 20:04:18:540 4712 IRP_MJ_CREATE : 82D85196 20:04:18:540 4712 IRP_MJ_CREATE_NAMED_PIPE : 82D546B2 20:04:18:540 4712 IRP_MJ_CLOSE : 82D85204 20:04:18:540 4712 IRP_MJ_READ : 82D8540C 20:04:18:540 4712 IRP_MJ_WRITE : 82D8565E 20:04:18:541 4712 IRP_MJ_QUERY_INFORMATION : 82D546B2 20:04:18:541 4712 IRP_MJ_SET_INFORMATION : 82D546B2 20:04:18:541 4712 IRP_MJ_QUERY_EA : 82D546B2 20:04:18:541 4712 IRP_MJ_SET_EA : 82D546B2 20:04:18:541 4712 IRP_MJ_FLUSH_BUFFERS : 82D852FE 20:04:18:541 4712 IRP_MJ_QUERY_VOLUME_INFORMATION : 82D546B2 20:04:18:541 4712 IRP_MJ_SET_VOLUME_INFORMATION : 82D546B2 20:04:18:541 4712 IRP_MJ_DIRECTORY_CONTROL : 82D546B2 20:04:18:541 4712 IRP_MJ_FILE_SYSTEM_CONTROL : 82D546B2 20:04:18:541 4712 IRP_MJ_DEVICE_CONTROL : 82D85248 20:04:18:541 4712 IRP_MJ_INTERNAL_DEVICE_CONTROL : 82D85272 20:04:18:541 4712 IRP_MJ_SHUTDOWN : 82D854D2 20:04:18:541 4712 IRP_MJ_LOCK_CONTROL : 82D546B2 20:04:18:541 4712 IRP_MJ_CLEANUP : 82D850FC 20:04:18:541 4712 IRP_MJ_CREATE_MAILSLOT : 82D546B2 20:04:18:541 4712 IRP_MJ_QUERY_SECURITY : 82D546B2 20:04:18:541 4712 IRP_MJ_SET_SECURITY : 82D546B2 20:04:18:541 4712 IRP_MJ_POWER : 82D85364 20:04:18:541 4712 IRP_MJ_SYSTEM_CONTROL : 82D85596 20:04:18:542 4712 IRP_MJ_DEVICE_CHANGE : 82D546B2 20:04:18:542 4712 IRP_MJ_QUERY_QUOTA : 82D546B2 20:04:18:542 4712 IRP_MJ_SET_QUOTA : 82D546B2 20:04:18:617 4712 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code 20:04:18:617 4712 sion 20:04:18:639 4712 C:\Windows\system32\drivers\ti21sony.sys - Verdict: Clean 20:04:18:639 4712 20:04:18:639 4712 Driver Name: atapi 20:04:18:639 4712 IRP_MJ_CREATE : 807D39B0 20:04:18:639 4712 IRP_MJ_CREATE_NAMED_PIPE : 807D39B0 20:04:18:639 4712 IRP_MJ_CLOSE : 807D39B0 20:04:18:639 4712 IRP_MJ_READ : 807D39B0 20:04:18:639 4712 IRP_MJ_WRITE : 807D39B0 20:04:18:639 4712 IRP_MJ_QUERY_INFORMATION : 807D39B0 20:04:18:639 4712 IRP_MJ_SET_INFORMATION : 807D39B0 20:04:18:640 4712 IRP_MJ_QUERY_EA : 807D39B0 20:04:18:640 4712 IRP_MJ_SET_EA : 807D39B0 20:04:18:640 4712 IRP_MJ_FLUSH_BUFFERS : 807D39B0 20:04:18:640 4712 IRP_MJ_QUERY_VOLUME_INFORMATION : 807D39B0 20:04:18:640 4712 IRP_MJ_SET_VOLUME_INFORMATION : 807D39B0 20:04:18:640 4712 IRP_MJ_DIRECTORY_CONTROL : 807D39B0 20:04:18:640 4712 IRP_MJ_FILE_SYSTEM_CONTROL : 807D39B0 20:04:18:640 4712 IRP_MJ_DEVICE_CONTROL : 807D39B0 20:04:18:640 4712 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807D39B0 20:04:18:640 4712 IRP_MJ_SHUTDOWN : 807D39B0 20:04:18:640 4712 IRP_MJ_LOCK_CONTROL : 807D39B0 20:04:18:640 4712 IRP_MJ_CLEANUP : 807D39B0 20:04:18:640 4712 IRP_MJ_CREATE_MAILSLOT : 807D39B0 20:04:18:640 4712 IRP_MJ_QUERY_SECURITY : 807D39B0 20:04:18:640 4712 IRP_MJ_SET_SECURITY : 807D39B0 20:04:18:640 4712 IRP_MJ_POWER : 807D39B0 20:04:18:640 4712 IRP_MJ_SYSTEM_CONTROL : 807D39B0 20:04:18:640 4712 IRP_MJ_DEVICE_CHANGE : 807D39B0 20:04:18:640 4712 IRP_MJ_QUERY_QUOTA : 807D39B0 20:04:18:640 4712 IRP_MJ_SET_QUOTA : 807D39B0 20:04:18:667 4712 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr 20:04:18:667 4712 TDL3_IrpHookDetect: New IrpHandler addr: 86DE58C8 20:04:18:667 4712 ihd: 10, FFDF0308, 510, 134, 3, 120, 0 20:04:18:667 4712 Driver "atapi" Irp handler infected by TDSS rootkit ... 20:04:18:670 4712 cured 20:04:18:671 4712 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code 20:04:18:671 4712 sion 20:04:18:675 4712 C:\Windows\system32\drivers\atapi.sys - Verdict: Infected 20:04:18:675 4712 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 20:04:18:675 4712 Processing driver file: C:\Windows\system32\drivers\atapi.sys 20:04:22:129 4712 vfvi6 20:04:22:337 4712 dsvbh1 20:04:26:157 4712 fdfb1 20:04:26:157 4712 Backup copy found, using it.. 20:04:26:371 4712 will be cured on next reboot 20:04:26:372 4712 Reboot required for cure complete.. 20:04:26:384 4712 Cure on reboot scheduled successfully 20:04:26:384 4712 20:04:26:384 4712 Completed 20:04:26:385 4712 20:04:26:385 4712 Results: 20:04:26:385 4712 Memory objects infected / cured / cured on reboot: 1 / 1 / 0 20:04:26:386 4712 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 20:04:26:386 4712 File objects infected / cured / cured on reboot: 1 / 0 / 1 20:04:26:387 4712 20:04:26:387 4712 UnloadDriverW: NtUnloadDriver error 1 20:04:26:387 4712 KLMD_Unload: UnloadDriverW(klmd21) error 1 20:04:26:390 4712 KLMD(ARK) unloaded successfully -------------------------------------------------------------------------------------------------------------------- 20:18:10:221 2860 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25 20:18:10:221 2860 ================================================================================ 20:18:10:221 2860 SystemInfo: 20:18:10:221 2860 OS Version: 6.0.6002 ServicePack: 2.0 20:18:10:221 2860 Product type: Workstation 20:18:10:222 2860 ComputerName: VAIO 20:18:10:222 2860 UserName: Vladimir 20:18:10:222 2860 Windows directory: C:\Windows 20:18:10:222 2860 Processor architecture: Intel x86 20:18:10:222 2860 Number of processors: 2 20:18:10:222 2860 Page size: 0x1000 20:18:10:225 2860 Boot type: Normal boot 20:18:10:225 2860 ================================================================================ 20:18:10:233 2860 UnloadDriverW: NtUnloadDriver error 2 20:18:10:233 2860 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 20:19:39:139 2860 Initialize success 20:19:39:139 2860 20:19:39:140 2860 Scanning Services ... 20:19:39:140 2860 wfopen_ex: Trying to open file C:\Windows\system32\config\system 20:19:39:273 2860 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 20:19:39:274 2860 wfopen_ex: Trying to KLMD file open 20:19:39:274 2860 wfopen_ex: File opened ok (Flags 2) 20:19:39:287 2860 wfopen_ex: Trying to open file C:\Windows\system32\config\software 20:19:39:289 2860 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 20:19:39:289 2860 wfopen_ex: Trying to KLMD file open 20:19:39:289 2860 wfopen_ex: File opened ok (Flags 2) 20:19:43:886 2860 GetAdvancedServicesInfo: Raw services enum returned 476 services 20:19:43:895 2860 fclose_ex: Trying to close file C:\Windows\system32\config\system 20:19:43:896 2860 fclose_ex: Trying to close file C:\Windows\system32\config\software 20:19:43:896 2860 20:19:43:896 2860 Scanning Kernel memory ... 20:19:43:897 2860 Devices to scan: 3 20:19:43:897 2860 20:19:43:897 2860 Driver Name: USBSTOR 20:19:43:897 2860 IRP_MJ_CREATE : 8CB89FC8 20:19:43:898 2860 IRP_MJ_CREATE_NAMED_PIPE : 82077A22 20:19:43:898 2860 IRP_MJ_CLOSE : 8CB8A040 20:19:43:898 2860 IRP_MJ_READ : 8CB8A0B8 20:19:43:898 2860 IRP_MJ_WRITE : 8CB8A0B8 20:19:43:898 2860 IRP_MJ_QUERY_INFORMATION : 82077A22 20:19:43:898 2860 IRP_MJ_SET_INFORMATION : 82077A22 20:19:43:898 2860 IRP_MJ_QUERY_EA : 82077A22 20:19:43:898 2860 IRP_MJ_SET_EA : 82077A22 20:19:43:898 2860 IRP_MJ_FLUSH_BUFFERS : 82077A22 20:19:43:898 2860 IRP_MJ_QUERY_VOLUME_INFORMATION : 82077A22 20:19:43:898 2860 IRP_MJ_SET_VOLUME_INFORMATION : 82077A22 20:19:43:898 2860 IRP_MJ_DIRECTORY_CONTROL : 82077A22 20:19:43:898 2860 IRP_MJ_FILE_SYSTEM_CONTROL : 82077A22 20:19:43:898 2860 IRP_MJ_DEVICE_CONTROL : 8CB89BC4 20:19:43:898 2860 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8CB7D7E4 20:19:43:898 2860 IRP_MJ_SHUTDOWN : 82077A22 20:19:43:898 2860 IRP_MJ_LOCK_CONTROL : 82077A22 20:19:43:898 2860 IRP_MJ_CLEANUP : 82077A22 20:19:43:898 2860 IRP_MJ_CREATE_MAILSLOT : 82077A22 20:19:43:898 2860 IRP_MJ_QUERY_SECURITY : 82077A22 20:19:43:898 2860 IRP_MJ_SET_SECURITY : 82077A22 20:19:43:899 2860 IRP_MJ_POWER : 8CB8859C 20:19:43:899 2860 IRP_MJ_SYSTEM_CONTROL : 8CB857A2 20:19:43:899 2860 IRP_MJ_DEVICE_CHANGE : 82077A22 20:19:43:899 2860 IRP_MJ_QUERY_QUOTA : 82077A22 20:19:43:899 2860 IRP_MJ_SET_QUOTA : 82077A22 20:19:43:900 2860 siohd: 0 20:19:43:936 2860 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 20:19:43:936 2860 20:19:43:936 2860 Driver Name: ti21sony 20:19:43:936 2860 IRP_MJ_CREATE : 8C5EE196 20:19:43:936 2860 IRP_MJ_CREATE_NAMED_PIPE : 8C5BD6B2 20:19:43:936 2860 IRP_MJ_CLOSE : 8C5EE204 20:19:43:936 2860 IRP_MJ_READ : 8C5EE40C 20:19:43:936 2860 IRP_MJ_WRITE : 8C5EE65E 20:19:43:936 2860 IRP_MJ_QUERY_INFORMATION : 8C5BD6B2 20:19:43:936 2860 IRP_MJ_SET_INFORMATION : 8C5BD6B2 20:19:43:936 2860 IRP_MJ_QUERY_EA : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_SET_EA : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_FLUSH_BUFFERS : 8C5EE2FE 20:19:43:937 2860 IRP_MJ_QUERY_VOLUME_INFORMATION : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_SET_VOLUME_INFORMATION : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_DIRECTORY_CONTROL : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_FILE_SYSTEM_CONTROL : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_DEVICE_CONTROL : 8C5EE248 20:19:43:937 2860 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8C5EE272 20:19:43:937 2860 IRP_MJ_SHUTDOWN : 8C5EE4D2 20:19:43:937 2860 IRP_MJ_LOCK_CONTROL : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_CLEANUP : 8C5EE0FC 20:19:43:937 2860 IRP_MJ_CREATE_MAILSLOT : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_QUERY_SECURITY : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_SET_SECURITY : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_POWER : 8C5EE364 20:19:43:937 2860 IRP_MJ_SYSTEM_CONTROL : 8C5EE596 20:19:43:937 2860 IRP_MJ_DEVICE_CHANGE : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_QUERY_QUOTA : 8C5BD6B2 20:19:43:937 2860 IRP_MJ_SET_QUOTA : 8C5BD6B2 20:19:43:939 2860 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code 20:19:43:940 2860 sion 20:19:43:994 2860 C:\Windows\system32\drivers\ti21sony.sys - Verdict: Clean 20:19:43:994 2860 20:19:43:994 2860 Driver Name: atapi 20:19:43:994 2860 IRP_MJ_CREATE : 807F1140 20:19:43:994 2860 IRP_MJ_CREATE_NAMED_PIPE : 82077A22 20:19:43:995 2860 IRP_MJ_CLOSE : 807F1140 20:19:43:995 2860 IRP_MJ_READ : 82077A22 20:19:43:995 2860 IRP_MJ_WRITE : 82077A22 20:19:43:995 2860 IRP_MJ_QUERY_INFORMATION : 82077A22 20:19:43:995 2860 IRP_MJ_SET_INFORMATION : 82077A22 20:19:43:995 2860 IRP_MJ_QUERY_EA : 82077A22 20:19:43:995 2860 IRP_MJ_SET_EA : 82077A22 20:19:43:995 2860 IRP_MJ_FLUSH_BUFFERS : 82077A22 20:19:43:995 2860 IRP_MJ_QUERY_VOLUME_INFORMATION : 82077A22 20:19:43:995 2860 IRP_MJ_SET_VOLUME_INFORMATION : 82077A22 20:19:43:995 2860 IRP_MJ_DIRECTORY_CONTROL : 82077A22 20:19:43:995 2860 IRP_MJ_FILE_SYSTEM_CONTROL : 82077A22 20:19:43:995 2860 IRP_MJ_DEVICE_CONTROL : 807DFA5A 20:19:43:995 2860 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807DFA2C 20:19:43:995 2860 IRP_MJ_SHUTDOWN : 82077A22 20:19:43:995 2860 IRP_MJ_LOCK_CONTROL : 82077A22 20:19:43:995 2860 IRP_MJ_CLEANUP : 82077A22 20:19:43:995 2860 IRP_MJ_CREATE_MAILSLOT : 82077A22 20:19:43:995 2860 IRP_MJ_QUERY_SECURITY : 82077A22 20:19:43:995 2860 IRP_MJ_SET_SECURITY : 82077A22 20:19:43:995 2860 IRP_MJ_POWER : 807DFA88 20:19:43:995 2860 IRP_MJ_SYSTEM_CONTROL : 807ECB70 20:19:43:995 2860 IRP_MJ_DEVICE_CHANGE : 82077A22 20:19:43:995 2860 IRP_MJ_QUERY_QUOTA : 82077A22 20:19:43:996 2860 IRP_MJ_SET_QUOTA : 82077A22 20:19:43:996 2860 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code 20:19:43:996 2860 sion 20:19:44:010 2860 C:\Windows\system32\drivers\atapi.sys - Verdict: Clean 20:19:44:010 2860 20:19:44:011 2860 Completed 20:19:44:011 2860 20:19:44:012 2860 Results: 20:19:44:014 2860 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 20:19:44:014 2860 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 20:19:44:015 2860 File objects infected / cured / cured on reboot: 0 / 0 / 0 20:19:44:015 2860 20:19:44:055 2860 KLMD(ARK) unloaded successfully
  7. It doesn't run in safe mode. The first dialog opens up, saying "combofix" with a progress bar. The progress bar completes and then the menu disappears and nothing further happens. I did try it a few times and waited for it for about 15min one time to see if it would kick in.
  8. I disabled the anti-spyware stuff, however I could not figure out how to disable VG antivirus short of uninstalling it or terminating its process (which surely isn't good?). Tried to run ComboFix, which complained about AVG and then a few minutes into the scan initiated a Windows error and memory dump. Here is the results of the last OTL operation, btw: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully! F:\autorun.inf moved successfully. File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f62a25e-75ca-11de-ab99-0013a98785f7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f62a25e-75ca-11de-ab99-0013a98785f7}\ not found. F:\Setup.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb785c76-640d-11de-babe-0013a98785f7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb785c76-640d-11de-babe-0013a98785f7}\ not found. File I:\InstallTomTomHOME.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. File F:\Setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. File G:\Autorun.exe not found. C:\pxldypog.sys moved successfully. ========== FILES ========== Unable to replace file: C:\Windows\System32\drivers\atapi.sys with C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys without a reboot. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User User: Public User: Vladimir ->Temp folder emptied: 45 bytes ->Temporary Internet Files folder emptied: 67069305 bytes ->Java cache emptied: 4559588 bytes ->FireFox cache emptied: 35139626 bytes ->Google Chrome cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1304 bytes RecycleBin emptied: 341408230 bytes Total Files Cleaned = 427.00 mb OTL by OldTimer - Version 3.1.30.2 log created on 02272010_113818 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\JET9165.tmp not found! Registry entries deleted on Reboot...
  9. Thank you! Here they are: OTL: OTL logfile created on: 25/02/2010 21:15:49 - Run 1 OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Vladimir\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 177.00 Gb Total Space | 37.40 Gb Free Space | 21.13% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 931.28 Gb Total Space | 721.76 Gb Free Space | 77.50% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VAIO Current User Name: Vladimir Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#E56717"]========== Processes (SafeList) ==========[/color] PRC - [2010/02/25 21:14:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe PRC - [2010/02/04 15:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/02/04 15:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2010/01/12 14:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010/01/01 20:18:19 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2009/12/12 09:31:44 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2009/12/12 09:31:44 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2009/12/12 09:31:39 | 000,745,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe PRC - [2009/11/14 09:57:41 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/14 09:57:05 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2009/11/11 21:31:46 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009/07/06 07:59:38 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe PRC - [2009/06/23 14:23:10 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/06/23 14:23:01 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009/04/11 06:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/23 10:47:10 | 003,458,376 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7613\Webshots.scr PRC - [2009/02/25 15:17:16 | 000,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008/08/24 10:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe PRC - [2008/01/19 07:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2008/01/19 07:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2006/11/28 05:15:30 | 000,465,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2006/11/25 01:58:38 | 000,919,672 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2006/11/24 18:36:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2006/11/24 18:36:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2006/11/14 18:46:24 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe PRC - [2006/11/11 23:35:36 | 000,043,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe PRC - [2006/11/01 06:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006/10/31 13:52:08 | 000,108,136 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006/09/26 22:48:36 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2006/09/26 22:46:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2006/09/11 07:23:22 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe PRC - [2006/09/08 06:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe PRC - [2006/09/08 05:54:30 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe PRC - [2006/08/23 20:43:08 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2006/08/04 08:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe [color="#E56717"]========== Modules (SafeList) ==========[/color] MOD - [2010/02/25 21:14:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe MOD - [2009/11/11 21:32:52 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2009/08/21 12:43:50 | 000,151,552 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\nphooks.dll MOD - [2009/08/21 12:37:30 | 000,225,280 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\nscore.dll MOD - [2009/08/21 12:35:30 | 000,348,160 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll MOD - [2009/08/13 17:57:52 | 000,212,992 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2005/10/14 20:57:46 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\msvcp71.dll MOD - [2005/10/14 20:57:46 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\msvcr71.dll [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2010/02/04 15:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2010/01/12 14:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009/11/14 15:46:31 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca6541ab666733) Google Update Service (gupdate1ca6541ab666733) SRV - [2009/11/13 11:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009/11/11 21:31:46 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/09/13 15:46:48 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/07/06 07:59:38 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\3.1\AGCoreService.exe -- (AGCoreService) SRV - [2009/06/23 14:22:57 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$VAIO_VEDB) SQL Server (VAIO_VEDB) SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/18 10:51:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2006/11/24 18:36:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2006/11/14 01:31:22 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2006/11/02 12:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/11/01 06:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006/10/31 13:52:08 | 000,108,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/24 18:32:08 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2006/10/12 02:36:02 | 000,741,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2006/10/11 23:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) SRV - [2006/10/11 23:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2006/10/09 19:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) SRV - [2006/10/09 19:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2006/10/05 02:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/10/05 02:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006/10/05 02:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/09/26 22:48:36 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2006/09/26 22:46:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2006/09/21 17:53:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2006/08/29 05:38:04 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2006/08/23 20:43:08 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2006/08/04 08:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2005/11/14 09:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) [color="#E56717"]========== Driver Services (SafeList) ==========[/color] DRV - [2010/02/04 15:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009/11/11 21:33:21 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009/11/11 21:33:20 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/11/11 21:33:20 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2009/08/21 12:50:10 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Windows\System32\drivers\nnrnstdi.sys -- (nnrnstdi) DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008/11/07 05:15:00 | 000,041,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006/12/07 11:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006/11/22 08:52:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2006/11/21 21:57:36 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2006/11/21 01:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006/11/17 05:18:44 | 000,645,120 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2006/11/06 13:56:03 | 000,227,328 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 07:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2006/11/02 06:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006/11/01 04:31:46 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siwinacc.sys -- (SiFilter) DRV - [2006/11/01 04:31:14 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siremfil.sys -- (SiRemFil) DRV - [2006/11/01 04:30:34 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\SI3132.sys -- (SI3132) DRV - [2006/10/31 05:15:24 | 000,165,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel® DRV - [2006/10/30 00:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel® DRV - [2006/10/27 13:08:36 | 000,072,704 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2006/10/27 13:08:32 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2006/10/18 19:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2006/10/18 02:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2006/10/18 02:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2006/10/18 02:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2006/10/17 17:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2006/10/13 11:34:22 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2006/10/11 03:33:22 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2006/10/06 00:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid) DRV - [2006/09/06 09:44:52 | 000,030,976 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF) DRV - [2006/09/05 08:33:12 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2006/08/30 00:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006/08/04 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006/06/19 05:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2005/08/02 00:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005/01/06 21:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004/04/13 16:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD) [color="#E56717"]========== Standard Registry (SafeList) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.club-vaio.com"]http://www.club-vaio.com[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008"]http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.crawler.com/search/ie.aspx?tb_id=66008"]http://www.crawler.com/search/ie.aspx?tb_id=66008[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.club-vaio.com"]http://www.club-vaio.com[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.co.uk/"]http://www.google.co.uk/[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color="#E56717"]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424 FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar&search=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 09:32:46 | 000,000,000 | ---D | M] [2009/06/28 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\mozilla\Extensions [2009/06/28 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\mozilla\Extensions\[email protected] [2009/07/20 16:58:38 | 000,000,000 | ---D | M] -- C:\Users\Vladimir\AppData\Roaming\mozilla\Firefox\Profiles\i3woe7gh.default\extensions [2009/06/17 16:24:50 | 000,002,137 | ---- | M] () -- C:\Users\Vladimir\AppData\Roaming\Mozilla\FireFox\Profiles\i3woe7gh.default\searchplugins\MyStart Search.xml [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml O1 HOSTS File: ([2010/02/17 15:47:08 | 000,249,908 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 8711 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DVD43] C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe (Fengtao Software Inc.) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\Vladimir\AppData\Local\Temp\Ofx.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries0000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [url="http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab"]http://upload.facebook.com/controls/2008.1...toUploader5.cab[/url] (Facebook Photo Uploader 5 Control) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [url="http://www.pcpitstop.com/betapit/PCPitStop.CAB"]http://www.pcpitstop.com/betapit/PCPitStop.CAB[/url] (PCPitstop Utility) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [url="https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab"]https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab[/url] (Image Uploader Control) O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} [url="http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll"]http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll[/url] (PCPitstop AntiVirus) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [url="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab"]http://upload.facebook.com/controls/2009.0...oUploader55.cab[/url] (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0) O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} [url="http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab"]http://webalbum.bonusprint.com/ukipc01/dow...geUploader4.cab[/url] (Bonusprint Image Uploader Version 4.5 Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} [url="https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab"]https://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab[/url] (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [url="http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab"]http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab[/url] (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.157,93.188.166.15 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2009/06/17 12:20:00 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ] O33 - MountPoints2\{6f62a25e-75ca-11de-ab99-0013a98785f7}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation) O33 - MountPoints2\{bb785c76-640d-11de-babe-0013a98785f7}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation) O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2009/06/27 23:43:31 | 000,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.) MsConfig - StartUpFolder: C:^Users^Vladimir^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]GrooveMonitor[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {7DAA4A83-E80F-2840-787A-0CC186E20695} - Themes Setup ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) OTL cannot create restorepoints on Vista OSs! [color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/02/25 21:14:41 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe [2010/02/22 19:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/02/22 19:12:25 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Vladimir\Desktop\HijackThisInstaller.exe [2010/02/22 19:10:48 | 000,093,056 | ---- | C] (GMER) -- C:\pxldypog.sys [2010/02/22 19:10:12 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Desktop\gmer [2010/02/22 18:35:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/02/22 18:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/02/22 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\Desktop\SysRestorePoint_v13 [2010/02/22 15:19:06 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010/02/22 15:13:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010/02/22 15:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010/02/22 15:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010/02/17 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop [2010/02/17 16:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop [2010/02/17 15:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/02/17 09:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/02/13 18:56:53 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\Facebook [2010/02/13 17:08:55 | 000,000,000 | ---D | C] -- C:\EFSTMPWP [2010/02/10 13:43:26 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010/02/10 13:43:25 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010/02/10 13:43:11 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2010/02/10 13:43:09 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll [2010/02/10 13:43:09 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2010/02/10 13:43:09 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2010/02/07 10:24:19 | 000,000,000 | ---D | C] -- C:\Users\Vladimir\AppData\Roaming\TeamViewer [2010/02/07 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/02/07 10:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2010/02/07 10:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [color="#E56717"]========== Files - Modified Within 30 Days ==========[/color] [2010/02/25 21:21:51 | 006,029,312 | -HS- | M] () -- C:\Users\Vladimir\NTUSER.DAT [2010/02/25 21:14:55 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Vladimir\Desktop\OTL.exe [2010/02/25 21:14:01 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010/02/25 21:04:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/02/25 21:04:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/02/25 20:57:13 | 056,241,522 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/02/25 20:48:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/02/25 20:48:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/02/25 20:48:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/02/25 20:48:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/02/25 20:48:13 | 2143,494,144 | -HS- | M] () -- C:\hiberfil.sys [2010/02/22 20:56:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/02/22 20:55:47 | 000,524,288 | -HS- | M] () -- C:\Users\Vladimir\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/02/22 20:55:47 | 000,065,536 | -HS- | M] () -- C:\Users\Vladimir\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/02/22 20:55:44 | 006,291,456 | -H-- | M] () -- C:\Users\Vladimir\AppData\Local\IconCache.db [2010/02/22 20:54:41 | 000,052,224 | ---- | M] () -- C:\Users\Vladimir\Desktop\Personal Rota.xls [2010/02/22 19:13:27 | 000,001,874 | ---- | M] () -- C:\Users\Vladimir\Desktop\HijackThis.lnk [2010/02/22 19:12:26 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Vladimir\Desktop\HijackThisInstaller.exe [2010/02/22 19:10:48 | 000,093,056 | ---- | M] (GMER) -- C:\pxldypog.sys [2010/02/22 18:34:39 | 000,000,714 | ---- | M] () -- C:\Users\Vladimir\Desktop\ERUNT.lnk [2010/02/22 18:08:54 | 000,116,224 | ---- | M] () -- C:\Users\Vladimir\Desktop\Form B Trainee annual training summary[1].doc [2010/02/22 17:15:24 | 000,075,776 | ---- | M] () -- C:\Users\Vladimir\Desktop\Form D Educational supervisor report[1].doc [2010/02/22 17:14:00 | 000,075,264 | ---- | M] () -- C:\Users\Vladimir\Desktop\Form C Clinical supervisor report[1].doc [2010/02/22 15:23:11 | 000,043,520 | ---- | M] () -- C:\Users\Vladimir\Desktop\Form A Trainee demographic contact CCT[1].doc [2010/02/22 15:13:42 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010/02/21 17:29:11 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job [2010/02/17 15:47:08 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/02/17 15:46:10 | 000,001,055 | ---- | M] () -- C:\Users\Vladimir\Desktop\Spybot - Search & Destroy.lnk [2010/02/17 09:14:07 | 000,249,908 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100217-154708.backup [2010/02/15 19:44:39 | 000,065,656 | ---- | M] () -- C:\Users\Vladimir\Desktop\353510101395_invoice.PDF [2010/02/14 20:37:41 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2010/02/14 20:37:34 | 000,000,088 | RHS- | M] () -- C:\ProgramData\95C5778315.sys [2010/02/14 18:14:27 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Планета Земля.lnk [2010/02/10 16:24:09 | 000,756,706 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/02/10 16:24:09 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/02/10 16:24:09 | 000,118,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/02/08 15:02:56 | 000,000,162 | -H-- | M] () -- C:\Users\Vladimir\Documents\~$rivers.doc [2010/02/08 15:01:12 | 000,244,736 | ---- | M] () -- C:\Users\Vladimir\Documents\Drivers.doc [2010/02/07 11:56:13 | 000,001,670 | ---- | M] () -- C:\Users\Vladimir\Desktop\CCleaner.lnk [2010/02/07 11:33:48 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/02/07 10:24:17 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010/02/06 11:19:47 | 000,000,941 | ---- | M] () -- C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2010/02/04 15:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010/02/04 15:52:59 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2010/01/31 12:40:48 | 000,034,304 | ---- | M] () -- C:\Users\Vladimir\Desktop\ARCP checklist.doc [2010/01/28 21:12:58 | 000,652,800 | ---- | M] () -- C:\Users\Vladimir\Desktop\Visual Loss.ppt [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2010/02/22 19:13:27 | 000,001,874 | ---- | C] () -- C:\Users\Vladimir\Desktop\HijackThis.lnk [2010/02/22 18:34:39 | 000,000,714 | ---- | C] () -- C:\Users\Vladimir\Desktop\ERUNT.lnk [2010/02/22 18:30:23 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010/02/22 15:13:42 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010/02/17 15:46:10 | 000,001,055 | ---- | C] () -- C:\Users\Vladimir\Desktop\Spybot - Search & Destroy.lnk [2010/02/17 08:49:18 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010/02/15 19:44:38 | 000,065,656 | ---- | C] () -- C:\Users\Vladimir\Desktop\353510101395_invoice.PDF [2010/02/14 20:20:49 | 2143,494,144 | -HS- | C] () -- C:\hiberfil.sys [2010/02/14 18:14:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Планета Земля.lnk [2010/02/08 15:02:56 | 000,000,162 | -H-- | C] () -- C:\Users\Vladimir\Documents\~$rivers.doc [2010/02/08 15:01:11 | 000,244,736 | ---- | C] () -- C:\Users\Vladimir\Documents\Drivers.doc [2010/02/07 10:25:38 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/02/07 10:24:17 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010/01/31 12:33:45 | 000,034,304 | ---- | C] () -- C:\Users\Vladimir\Desktop\ARCP checklist.doc [2010/01/31 11:55:31 | 000,137,216 | ---- | C] () -- C:\Users\Vladimir\Desktop\Form F Unit feedback form[1].doc [2010/01/31 11:55:31 | 000,116,224 | ---- | C] () -- C:\Users\Vladimir\Desktop\Form B Trainee annual training summary[1].doc [2010/01/31 11:55:31 | 000,075,776 | ---- | C] () -- C:\Users\Vladimir\Desktop\Form D Educational supervisor report[1].doc [2010/01/31 11:55:31 | 000,075,264 | ---- | C] () -- C:\Users\Vladimir\Desktop\Form C Clinical supervisor report[1].doc [2010/01/31 11:55:31 | 000,065,024 | ---- | C] () -- C:\Users\Vladimir\Desktop\Form E Panel outcome summary handover[1].doc [2010/01/31 11:55:31 | 000,046,080 | ---- | C] () -- C:\Users\Vladimir\Desktop\Ophthalmology Training Record Guidance[1].doc [2010/01/31 11:55:31 | 000,039,424 | ---- | C] () -- C:\Users\Vladimir\Desktop\PDP form appraisal[1].doc [2010/01/27 19:31:24 | 000,652,800 | ---- | C] () -- C:\Users\Vladimir\Desktop\Visual Loss.ppt [2010/01/23 11:08:02 | 000,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI [2009/12/19 16:09:33 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2009/12/13 15:01:15 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll [2009/11/23 19:58:15 | 000,000,586 | ---- | C] () -- C:\Windows\Calendar.INI [2009/11/14 18:41:32 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL [2009/11/14 18:41:31 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009/10/27 11:45:38 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini [2009/10/27 11:44:11 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv [2009/10/27 11:44:10 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2009/09/11 12:28:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/02 10:39:47 | 000,000,193 | ---- | C] () -- C:\Windows\hppsapp.INI [2009/07/21 11:17:35 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2009/07/21 11:17:35 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2009/06/23 08:25:27 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2009/06/17 15:50:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\SSGK2PNP.DLL [2009/06/17 15:33:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Dll_OTHER_ENG.dll [2009/02/16 22:12:27 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95C5778315.sys [2009/02/16 22:12:26 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2008/11/27 17:51:18 | 000,099,840 | ---- | C] () -- C:\Users\Vladimir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/06/02 18:07:26 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2007/05/21 16:05:35 | 000,001,356 | ---- | C] () -- C:\Users\Vladimir\AppData\Local\d3d9caps.dat [2006/12/23 02:54:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2006/12/23 02:49:42 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2006/12/23 02:44:11 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2006/12/01 00:15:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/01 01:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/08/10 23:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll [2005/07/23 05:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2005/05/07 04:40:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PalmDB.dll [color="#E56717"]========== Custom Scans ==========[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\*.* >[/color] [2010/02/25 20:48:09 | 000,000,220 | ---- | M] () -- C:\aaw7boot.log [2009/07/07 17:50:39 | 000,013,337 | ---- | M] () -- C:\AddressDB.csv [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2006/11/30 21:58:52 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010/02/25 20:48:13 | 2143,494,144 | -HS- | M] () -- C:\hiberfil.sys [2009/06/17 15:50:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/08/02 11:05:24 | 000,000,000 | ---- | M] () -- C:\Log.txt [2009/06/17 15:50:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009/12/18 10:56:40 | 000,000,439 | ---- | M] () -- C:\nsinst.log [2010/02/25 20:48:09 | 2459,377,664 | -HS- | M] () -- C:\pagefile.sys [2010/02/22 19:10:48 | 000,093,056 | ---- | M] (GMER) -- C:\pxldypog.sys [2009/11/14 16:48:09 | 000,430,798 | ---- | M] () -- C:\vcredist_x86.log [color="#A23BEC"]< MD5 for: AGP440.SYS >[/color] [2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color="#A23BEC"]< MD5 for: ATAPI.SYS >[/color] [2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/11/15 23:02:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/11/15 23:02:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/11/15 23:02:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\drivers\atapi.sys [color="#A23BEC"]< MD5 for: CNGAUDIT.DLL >[/color] [2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [color="#A23BEC"]< MD5 for: IASTORV.SYS >[/color] [2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys [color="#A23BEC"]< MD5 for: NETLOGON.DLL >[/color] [2006/11/02 09:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 07:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [color="#A23BEC"]< MD5 for: NVSTOR.SYS >[/color] [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [color="#A23BEC"]< MD5 for: SCECLI.DLL >[/color] [2008/01/19 07:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 09:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [color="#A23BEC"]< %systemroot%\*. /mp /s >[/color] [color="#A23BEC"]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll [2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll [color="#A23BEC"]< %systemroot%\system32\*.exe /lockedfiles >[/color] [color="#A23BEC"]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color="#A23BEC"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color="#A23BEC"]< %systemroot%\System32\config\*.sav >[/color] [2006/11/30 21:58:38 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/30 21:58:36 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/30 21:58:38 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/30 21:58:47 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/30 21:58:49 | 006,025,216 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV [color="#A23BEC"]< %PROGRAMFILES%\*. >[/color] [2010/01/10 11:56:31 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter [2009/10/27 12:07:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2009/09/13 15:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\AGI [2008/11/27 18:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software [2006/11/30 22:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint [2009/06/28 17:43:49 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update [2009/11/11 21:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\AVG [2009/06/28 17:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour [2009/10/28 15:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Book Designer 4.0 [2010/01/24 11:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\Canon [2009/08/02 10:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2009/12/10 15:42:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2006/11/30 22:02:34 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT [2009/02/16 22:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\Corel [2009/07/08 19:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX [2010/01/26 20:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\Digiarty [2009/11/14 15:47:16 | 000,000,000 | ---D | M] -- C:\Program Files\DivX [2010/01/23 11:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Region+CSS Free [2010/02/22 18:34:51 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT [2009/09/04 14:57:22 | 000,000,000 | ---D | M] -- C:\Program Files\Family Toolbar [2010/01/10 11:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow [2009/06/28 17:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client [2010/01/24 11:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Free Easy Burner [2009/09/11 14:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\GeneWeb [2009/12/13 15:09:56 | 000,000,000 | ---D | M] -- C:\Program Files\GenoPro [2010/02/14 18:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Google [2006/12/01 00:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\Google BAE [2009/06/17 16:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail [2009/12/18 15:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Innoproducts [2010/01/24 11:11:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2006/11/30 22:20:29 | 000,000,000 | ---D | M] -- C:\Program Files\Intel [2010/01/27 19:11:22 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2006/12/23 02:35:58 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo [2010/02/07 10:24:08 | 000,000,000 | ---D | M] -- C:\Program Files\iPod [2010/02/07 10:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes [2006/12/01 00:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Java [2009/11/14 15:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\JockerSoft [2010/02/22 15:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft [2009/12/10 15:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft [2009/10/28 15:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync [2006/11/02 12:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games [2009/10/28 15:12:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2010/01/22 10:48:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2009/10/30 11:19:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server [2009/10/28 15:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio [2009/10/28 15:03:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8 [2010/01/24 11:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works [2009/10/28 15:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2009/09/11 15:28:40 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker [2009/11/14 16:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2009/10/28 15:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2007/05/26 12:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2009/09/25 16:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software [2010/01/24 11:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound [2009/12/18 10:56:35 | 000,000,000 | ---D | M] -- C:\Program Files\NetRatingsNetSight [2009/09/27 10:24:03 | 000,000,000 | ---D | M] -- C:\Program Files\Nvu [2009/07/07 17:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Palm [2009/07/07 15:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\palmOne [2009/07/08 20:05:03 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters [2010/02/17 16:25:18 | 000,000,000 | ---D | M] -- C:\Program Files\PCPitstop [2009/10/27 15:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Info [2009/10/27 11:45:07 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995 [2010/02/07 10:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime [2009/02/16 22:08:22 | 000,000,000 | ---D | M] -- C:\Program Files\Real [2006/11/02 12:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2006/12/01 00:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio [2009/06/17 16:05:22 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung [2010/01/10 11:56:19 | 000,000,000 | ---D | M] -- C:\Program Files\Seekapp [2006/11/30 22:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel [2007/05/23 17:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sky Broadband [2009/07/08 19:00:20 | 000,000,000 | ---D | M] -- C:\Program Files\Sony [2010/02/17 15:46:11 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy [2010/02/07 10:24:03 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer [2009/06/28 18:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2 [2009/06/28 18:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V [2006/12/23 02:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba [2010/02/22 19:13:26 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro [2006/11/02 13:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2009/06/28 17:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent [2009/12/30 12:33:39 | 000,000,000 | ---D | M] -- C:\Program Files\VSO [2009/09/13 15:37:59 | 000,000,000 | ---D | M] -- C:\Program Files\Webshots [2009/12/19 16:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Corporation [2009/09/11 15:28:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar [2009/09/11 15:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration [2009/09/11 15:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender [2009/09/11 15:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal [2009/12/10 15:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live [2009/12/10 15:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive [2010/02/10 18:00:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail [2009/10/29 14:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2006/11/02 12:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2009/09/11 15:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery [2009/11/18 21:34:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices [2009/09/11 15:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar [2009/06/28 17:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\WindSolutions [2009/07/24 14:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR [2009/12/04 22:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\yDGpatch [2009/11/26 19:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\Zinio [2009/10/11 11:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Zortam Mp3 Media Studio [color="#A23BEC"]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-10 15:01:29 [color="#A23BEC"]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram /s >[/color] [color="#A23BEC"]< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug /s >[/color] "UserDebuggerHotKey" = 0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\AutoExclusionList] "DWM.exe" = 1 [color="#E56717"]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BE76DBCF < End of report > EXTRAS: OTL Extras logfile created on: 25/02/2010 21:15:49 - Run 1 OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Vladimir\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 177.00 Gb Total Space | 37.40 Gb Free Space | 21.13% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 931.28 Gb Total Space | 721.76 Gb Free Space | 77.50% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VAIO Current User Name: Vladimir Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#E56717"]========== Extra Registry (SafeList) ==========[/color] [color="#E56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [color="#E56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color="#E56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3483080238-2169372504-635702862-1003] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color="#E56717"]========== Authorized Applications List ==========[/color] [color="#E56717"]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A0A453F-DBD2-4A33-AB1C-6C37F05371EB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{16CC3553-6A6C-45AB-A52E-549642142E29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1A8861BC-6755-4840-B347-424F10CF16EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1BED86FF-4F80-4886-B6A3-C5845BBD2C4F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{284B628D-FCF8-435E-9AD7-01E2E80FD106}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{43779A3F-B394-4E91-8B0D-CC147000AAF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4F7623D9-F79C-48E5-92C1-D0FE33BB32A4}" = rport=10243 | protocol=6 | dir=out | app=system | "{4FF1B45D-01A7-43F6-89B7-4DFB8764ABA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{506EFD2E-9404-4F00-8822-AD128FB1C2D5}" = lport=10243 | protocol=6 | dir=in | app=system | "{587BEED6-E815-4D49-80D4-062F59EF611A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6271929F-83DD-4CFF-93EF-C602D13DC6D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6CDB0AC8-A544-4552-9ECD-1A9BFCA40E6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CDF63CA-E509-4B24-A0C4-2E8BEF75DB81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71AF26AB-50DC-483C-9233-D040AB9E5275}" = lport=2869 | protocol=6 | dir=in | app=system | "{8EB498B5-F3AE-4F02-8E2E-FBAF19018E26}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A2A55416-A4B0-48EB-B343-538BA698A513}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C30F7D8F-037B-46C3-8285-B2541CB8B7E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CB24963C-B80D-4ABF-96DB-AAB3B560C12E}" = lport=2869 | protocol=6 | dir=in | app=system | "{D9BD9F65-473A-49D5-B980-3F3C0308277A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED18D91E-04E4-435C-990B-886C443069D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color="#E56717"]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18EDA2D9-62B0-40E0-90EC-8283EF825567}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1ECF4705-9032-4966-B963-15DB2602C720}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{2B0B8F14-94BF-473B-BEF0-6169BB034882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2DBDA21F-A63F-453F-BF64-9BCF5DA4C3BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3DB42EA7-5EC2-47A4-B2FF-36B38E5A0DC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3EC6CEB1-DF55-4C28-9016-717CE876B677}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{56317775-70F8-4062-8B31-AD89D5F5B35C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{59E3343B-7558-4A06-9DBC-BFE624A6C418}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5BC0A5A9-5006-4FFE-A990-B9FE44C506F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{772583C0-2631-4F63-B742-1F9AD312C757}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{779C1207-C894-457D-B92F-CFD3E32B79E9}" = protocol=6 | dir=out | app=system | "{7F39ED61-44C8-476B-9D20-706810C89486}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{85BD0DC3-8B16-40D8-988B-CF622F7D43AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{867CD74A-6E37-4ADD-8E79-2735E2AD8AD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8705208D-F474-4BC0-8EAD-5292F0D992B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{89837D94-EEFE-4BB4-A576-35D402B41C31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8CB0D562-D668-4C5D-9CD1-5164B6FD6096}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9E13D967-D606-4759-8BC8-4D61D62C0B4C}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{ADB427BE-230C-4096-9C11-FE8F3FAD0C80}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C9EFAAE3-7AFE-4841-BF62-63D02CAA18F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D448BB2C-A62C-4AC2-849E-F811FB47BDFD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{D854271D-9044-40C1-8497-AEFEE870BD76}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{D9AE9EDC-4013-4D0E-82FF-A50D4B75CE4A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{DAB0A438-6980-4466-A773-5DBEC801A925}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{DB6FC5B2-8280-4499-91C5-04EF4C04F761}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{DD42BF73-BE7D-41F1-BE89-7F323ED3C762}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{E7394B17-0B2D-45A2-A12C-C162ACB5DC72}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "{F32E13DB-4CEC-4389-9C5F-A8FDCB3CEABB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F7B89474-64F2-40EA-9E10-B3E6E7512333}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{FF3029E7-B870-4049-A77E-4761BCF894B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{2BAF3064-6107-485D-A9B1-8D392611E8B8}C:\program files\sony\reader\data\bin\ebook library.exe" = protocol=6 | dir=in | app=c:\program files\sony\reader\data\bin\ebook library.exe | "TCP Query User{2E2F9616-D405-43B1-B79F-AFFD0BF7D10C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{34BC5885-7320-4BD6-B0CA-664A89741E17}C:\users\vladimir\appdata\local\temp\wzse0.tmp\prs-505 updater.exe" = protocol=6 | dir=in | app=c:\users\vladimir\appdata\local\temp\wzse0.tmp\prs-505 updater.exe | "TCP Query User{63091B09-4FA4-428E-8BAB-EB3224D09676}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe | "TCP Query User{DB0EFFC5-A4CB-4B61-A942-28FEEECDE3E4}C:\program files\geneweb\geneweb-4.10\gw\gwd.exe" = protocol=6 | dir=in | app=c:\program files\geneweb\geneweb-4.10\gw\gwd.exe | "TCP Query User{EF55464F-3B32-4DF0-A30E-547541582B8B}C:\program files\geneweb\geneweb-4.10\gw\gwsetup.exe" = protocol=6 | dir=in | app=c:\program files\geneweb\geneweb-4.10\gw\gwsetup.exe | "UDP Query User{753C757C-E731-42C3-AFA0-C6B477AFF301}C:\program files\sony\reader\data\bin\ebook library.exe" = protocol=17 | dir=in | app=c:\program files\sony\reader\data\bin\ebook library.exe | "UDP Query User{97339861-5C42-422E-B0A9-C3DE38E3A62B}C:\program files\geneweb\geneweb-4.10\gw\gwsetup.exe" = protocol=17 | dir=in | app=c:\program files\geneweb\geneweb-4.10\gw\gwsetup.exe | "UDP Query User{B0A6E860-C3E3-4AE4-9F99-BA23064AB652}C:\users\vladimir\appdata\local\temp\wzse0.tmp\prs-505 updater.exe" = protocol=17 | dir=in | app=c:\users\vladimir\appdata\local\temp\wzse0.tmp\prs-505 updater.exe | "UDP Query User{E57E89AD-FA03-4036-9925-5453DD48B113}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{EE703602-EF90-405B-B38F-A61F1B012C71}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{FE3A74AF-AD35-4551-9C95-2471CE8120D8}C:\program files\geneweb\geneweb-4.10\gw\gwd.exe" = protocol=17 | dir=in | app=c:\program files\geneweb\geneweb-4.10\gw\gwd.exe | [color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband "{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Планета Земля "{322E9572-A659-4920-BE8E-D0899920C22C}" = Book Designer 4.0 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(tm) SE Runtime Environment 6 "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01 "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.2 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{55B781F0-060E-11D4-99D7-00C04FCCB775}" = "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97260AE9-A1EE-492E-8DCC-FD0AFF785720}" = "{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper "{9B2D98E5-A55F-4372-96B9-AE83349AC304}" = Canon Camera TWAIN Driver "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.2 "{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0 "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C183A21C-395A-490F-99D4-CCAB35E32859}" = "{C239BCD7-882A-478F-A5CF-DDEB074A4291}" = eBook Library by Sony "{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop "{c83b53b8-8da0-32ba-8ccc-6573e8a75a82}" = Webshots Desktop "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter "{E2B38044-AEF2-40AF-BDD8-FEDE799A8633}" = "{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00 "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F7EC885B-6F58-45B2-9E6A-D4A957EB8333}_is1" = yDGpatch v1.2 "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) "AC3Filter" = AC3Filter (remove only) "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AVG9Uninstall" = AVG Free 9.0 "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "CodecInstaller" = CodecInstaller 2.10.2 "CopyTrans Suite" = CopyTrans Suite Remove Only "Digital Editions" = Adobe Digital Editions "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.58 "ENTERPRISER" = Microsoft Office Enterprise 2007 "ERUNT_is1" = ERUNT 1.1j "ffdshow" = ffdshow (remove only) "FileZilla Client" = FileZilla Client 3.2.6 "Free Easy Burner_is1" = Free Easy Burner V 3.9 "GenoPro" = GenoPro 2.0.1.6 "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "IncrediMail" = IncrediMail "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01 "InstallShield_{9B2D98E5-A55F-4372-96B9-AE83349AC304}" = Canon EOS 10D TWAIN Driver "InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "NetSight" = Nielsen//NetRatings "NVIDIA Drivers" = NVIDIA Drivers "Nvu_is1" = Nvu 1.0PR "PDF Info_is1" = PDF Info 2.02 "Pdf995" = Pdf995 "PitchPerfect" = PitchPerfect Musical Instrument Tuner "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer "Samsung ML-4500 Series" = Samsung ML-4500 Series "SimEditor (UB01)" = SimEditor (UB01) v.2.6.1 (remove only) "TeamViewer 5" = TeamViewer 5 "TomTom HOME" = TomTom HOME 2.7.3.1894 "TwelveKeys" = TwelveKeys Music Transcription Software "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WinX DVD Ripper_is1" = WinX DVD Ripper 4.4 "Zinio Reader" = Zinio Reader "Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 9.40 [color="#E56717"]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "uTorrent" = µTorrent [color="#E56717"]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:14:03, on 22/02/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\Webshots\315~1.761\webshots.scr C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Vladimir\Desktop\gmer\gmer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\WerFault.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.club-vaio.com"]http://www.club-vaio.com[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66008"]http://www.crawler.com/search/dispatcher.a...&tbid=66008[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.co.uk/"]http://www.google.co.uk/[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.club-vaio.com"]http://www.club-vaio.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [url="http://www.crawler.com/search/ie.aspx?tb_id=66008"]http://www.crawler.com/search/ie.aspx?tb_id=66008[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [url="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008"]http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.crawler.com/search/ie.aspx?tb_id=66008"]http://www.crawler.com/search/ie.aspx?tb_id=66008[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008"]http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Vladimir\AppData\Local\Temp\Ofx.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - [url="http://www.skybroadband.com"]http://www.skybroadband.com[/url] (file missing) O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [url="http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab"]http://upload.facebook.com/controls/2008.1...toUploader5.cab[/url] O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url="http://www.pcpitstop.com/betapit/PCPitStop.CAB"]http://www.pcpitstop.com/betapit/PCPitStop.CAB[/url] O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - [url="https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab"]https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab[/url] O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - [url="http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll"]http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll[/url] O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [url="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab"]http://upload.facebook.com/controls/2009.0...oUploader55.cab[/url] O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - [url="http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab"]http://webalbum.bonusprint.com/ukipc01/dow...geUploader4.cab[/url] O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - [url="https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab"]https://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab[/url] O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [url="http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab"]http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{00FA78E8-3C79-48AE-8E0A-EB1836EE85C6}: NameServer = 93.188.163.157,93.188.166.15 O17 - HKLM\System\CCS\Services\Tcpip\..\{51C7FEFD-AC80-4C6F-8DA4-F77CA26B2321}: NameServer = 93.188.163.157,93.188.166.15 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.157,93.188.166.15 O17 - HKLM\System\CS1\Services\Tcpip\..\{00FA78E8-3C79-48AE-8E0A-EB1836EE85C6}: NameServer = 93.188.163.157,93.188.166.15 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.157,93.188.166.15 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Update Service (gupdate1ca6541ab666733) (gupdate1ca6541ab666733) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 15476 bytes