[Resolved] Please help me out

Answers to your tech questions

Computer forums for help with removing malicious software (malware) and improving computer security

Home Forums Contact

HijackThis Members

Welcome ( Log In | Register )

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

2 Pages

1 2 >

Closed Topic

Start new topic

[Resolved] Please help me out

pfunk5 View Member Profile	Nov 2 2009, 03:02 PM Post #1
Authentic Member Group: Authentic Member Posts: 30 Joined: 3-March 08 Member No.: 77,302 Operating System: Windows Vista	Ok so I am back after a couple years of not having to use your wonderful website. Last time I used it you were using Hijackthis logs but it doesnt look like you are anymore. Anyhow, I downloaded a video the other day and i think I got a free infection along with it. I keep getting really annoying popups and now windows reported it is caused by the W32/Gaobot.worm.gen.u-Win/32/Rbot.3eu!worm. This looks like a real windows message and it tells me to remove it from my system. However my norton antivirus finds nothing. The popups are just annoying advertisements. What should I do? Thanks!!! Justin

oldman960 View Member Profile	Nov 2 2009, 03:55 PM Post #2
SuperMember Group: Classroom Teacher Posts: 3,910 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi pfunk5, welcome to the forum. To make cleaning this machine easier Please do not uninstall/install any programs unless asked to It is more difficult when files/programs are appearing in/disappearing from the logs. Please do not run any scans other than those requested Please follow all instructions in the order posted All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked. Do not attach any logs/reports, etc.. unless specifically requested to do so. If you have problems with or do not understand the instructions, Please ask before continuing. Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine. Download the GMER Rootkit Scanner. Unzip it to your Desktop. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Double-click gmer.exe. The program will begin to run. Caution These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised! If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click NO In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked. Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt" Save it where you can easily find it, such as your desktop. If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop Download OTListIt2 to your desktop. Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output Check the boxes beside LOP Check and Purity Check. In the Custom Scans/Fixes box near the bottom, copy and paste this line Drivers Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Please post back with GMER log both OTL logs Thanks

pfunk5 View Member Profile	Nov 2 2009, 07:38 PM Post #3
Authentic Member Group: Authentic Member Posts: 30 Joined: 3-March 08 Member No.: 77,302 Operating System: Windows Vista	Thank you for the prompt reply. I will continue to respond to your requests as soon as you reply as I will be staying on the computer now for the night. Here are the logs requested: GMER 1.0.15.15163 - http://www.gmer.net Rootkit scan 2009-11-02 18:28:02 Windows 6.0.6002 Service Pack 2 Running: gmer.exe ---- Files - GMER 1.0.15 ---- File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JZNGT54\st[3] 0 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JZNGT54\fm[1].js 0 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JZNGT54\b[11].js 0 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82CRTD3L\xhamster6[1].htm 8510 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82CRTD3L\iframe3[2].htm 0 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82CRTD3L\player_spot3[2].htm 183 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMKJQ8YC\906[2].htm 1608 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMKJQ8YC\sed[2].txt 4398 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMKJQ8YC\iframe3[4].htm 908 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMKJQ8YC\adtag[1].txt 5245 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMKJQ8YC\st[4] 4493 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMKJQ8YC\mad_history[2].htm 42 bytes File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMKJQ8YC\player_spot2[2].htm 0 bytes File C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\owner@xhamster[1].txt 0 bytes ---- EOF - GMER 1.0.15 ---- ________________________________________________________________________________ ___________________________________________________ OTL logfile created on: 11/2/2009 6:30:30 PM - Run 1 OTL by OldTimer - Version 3.1.3.2 Folder = C:\Users\Owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.96 Gb Total Physical Memory \| 1.06 Gb Available Physical Memory \| 26.73% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 286.35 Gb Total Space \| 207.43 Gb Free Space \| 72.44% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\msa.exe () PRC - C:\Windows\msa.exe () PRC - C:\Windows\msa.exe () PRC - C:\Windows\msa.exe () PRC - C:\Users\Owner\AppData\Local\Temp\b.exe () PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\AGI\common\win32\pythonservice.exe () PRC - C:\Program Files (x86)\AGI\common\win32\pythonservice.exe () PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Modules (SafeList) ========== MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\authz.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - 64bit-(TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(RSELSVC) -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems) SRV:64bit: - 64bit-(WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV:64bit: - 64bit-(WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - 64bit-(TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (AGWinService) -- C:\Program Files (x86)\AGI\common\win32\PythonService.exe () SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (camsvc) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) SRV - (TNaviSrv) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (odserv) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (LiveUpdate Notice) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 06:34:14 \| 00,000,000 \| ---D \| M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - 64bit-(SymEvent) SymEvent [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - 64bit-(sdbus) sdbus [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - 64bit-(ApfiltrService) Alps Pointing-device Filter Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - 64bit-(Thpdrv) TOSHIBA HDD Protection Driver [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys (TOSHIBA Corporation) DRV:64bit: - 64bit-(PMCF) PMCF [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\PMCF.sys () DRV:64bit: - 64bit-(PGEffect) Pangu effect driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys (TOSHIBA Corporation) DRV:64bit: - 64bit-(RTL8169) Realtek 8169 NT Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - 64bit-(rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\rtl819xp.sys (Realtek Semiconductor Corporation ) DRV:64bit: - 64bit-(igfx) igfx [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation) DRV:64bit: - 64bit-(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel \| System \| Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation) DRV:64bit: - 64bit-(SYMNDISV) SYMNDISV [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SYMTDI) SYMTDI [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SYMFW) SYMFW [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SYMREDRV) SYMREDRV [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SYMDNS) SYMDNS [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation) DRV:64bit: - 64bit-(rimspci) rimspci [Kernel \| Auto \| Running] -- C:\Windows\SysNative\DRIVERS\rimspe64.sys (REDC) DRV:64bit: - 64bit-(iaStor) Intel AHCI Controller [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - 64bit-(tos_sps64) TOSHIBA tos_sps64 Service [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - 64bit-(rixdpcie) rixdpcie [Kernel \| Auto \| Running] -- C:\Windows\SysNative\DRIVERS\rixdpe64.sys (REDC) DRV:64bit: - 64bit-(COH_Mon) COH_Mon [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys (Symantec Corporation) DRV:64bit: - 64bit-(AgereSoftModem) TOSHIBA Software Modem [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems) DRV:64bit: - 64bit-(SRTSPL) SRTSPL [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SRTSP) SRTSP [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SRTSPX) SRTSPX [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS (Symantec Corporation) DRV:64bit: - 64bit-(UMPass) Microsoft UMPass Driver [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation) DRV:64bit: - 64bit-(WpdUsb) WpdUsb [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - 64bit-(usbvideo) USB Video Device (WDM) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - 64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys (Microsoft Corporation) DRV:64bit: - 64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - 64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - 64bit-(Thpevm) TOSHIBA HDD Protection - Shock Sensor Driver [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS (TOSHIBA Corporation) DRV:64bit: - 64bit-(RtlProt) Realtke RtlProt WLAN Utility Protocol Driver [Kernel \| System \| Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows ® Codename Longhorn DDK provider) DRV:64bit: - 64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV - (eeCtrl) Symantec Eraser Control driver [Kernel \| System \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) NAVEX15 [Kernel \| On_Demand \| Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091102.021\EX64.SYS (Symantec Corporation) DRV - (NAVENG) NAVENG [Kernel \| On_Demand \| Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091102.021\ENG64.SYS (Symantec Corporation) DRV - (IDSvia64) Symantec Intrusion Prevention Driver [Kernel \| System \| Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20091101.001\IDSviA64.sys (Symantec Corporation) DRV - (COH_Mon) COH_Mon [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\COH_Mon.inf () DRV - (Tcpip) TCP/IP Protocol Driver [Kernel \| Boot \| Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) Windows Firewall Authorization Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.umt.edu/cas/login?service=htt....edu/umconnect/ IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files (x86)\AGI\common\agcutils.dll (TODO: <Company name>) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 12:16:23 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files (x86)\Kiwee Toolbar\2.9.201\firefox [2009/09/03 23:00:42 \| 00,000,000 \| ---D \| M] O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [KiweeHook] C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKCU..\Run: [hglzd] C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EB37QP5\dvgrcrq.exe File not found O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [PopRock] C:\Users\Owner\AppData\Local\Temp\b.exe () O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [sntgq] C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EB37QP5\yjbarui.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://chat.bresnan.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.146.17.3 69.145.248.4 69.146.17.2 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4d98e9ad-94e2-11de-b744-0026185e0d21}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found O33 - MountPoints2\{4d98e9b0-94e2-11de-b744-0026185e0d21}\Shell - "" = AutoRun O33 - MountPoints2\{4d98e9b0-94e2-11de-b744-0026185e0d21}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found 64bit:* O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/02 18:29:09 \| 00,527,872 \| ---- \| C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2009/11/02 15:11:51 \| 00,000,000 \| ---D \| C] -- C:\Windows\Sun [2009/11/02 13:55:42 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2009/10/31 19:30:35 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Adobe [2009/10/31 19:29:56 \| 00,000,000 \| -HSD \| C] -- C:\Config.Msi [2009/10/31 19:27:56 \| 00,000,000 \| ---D \| C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer [2009/10/31 19:25:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\NOS [2009/10/31 19:25:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\NOS [2009/10/28 02:00:51 \| 00,103,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2009/10/28 02:00:51 \| 00,092,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2009/10/28 02:00:50 \| 03,815,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll [2009/10/28 02:00:50 \| 01,164,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll [2009/10/28 02:00:50 \| 01,164,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll [2009/10/28 02:00:49 \| 03,023,360 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll [2009/10/27 13:35:12 \| 10,626,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2009/10/27 13:35:11 \| 00,372,736 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe [2009/10/27 13:35:11 \| 00,310,784 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe [2009/10/27 13:35:08 \| 13,428,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2009/10/27 13:35:05 \| 08,147,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2009/10/27 13:35:05 \| 08,147,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2009/10/18 11:11:51 \| 00,000,000 \| ---D \| C] -- C:\Users\Owner\AppData\Roaming\Move Networks [2009/10/18 10:18:24 \| 00,839,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2009/10/18 10:18:23 \| 01,050,112 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDTVVDEC.DLL [2009/10/18 10:18:23 \| 00,971,264 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2009/10/18 10:18:23 \| 00,763,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDTVVDEC.DLL [2009/10/18 10:18:23 \| 00,711,168 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2009/10/18 10:18:23 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2009/10/13 17:49:52 \| 04,698,168 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2009/10/13 17:49:05 \| 00,818,688 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL [2009/10/13 17:49:05 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL [2009/10/13 17:49:03 \| 05,940,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/10/13 17:49:02 \| 09,236,992 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2009/10/13 17:49:01 \| 12,461,568 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll [2009/10/13 17:49:00 \| 11,069,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll [2009/10/13 17:48:59 \| 02,334,208 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2009/10/13 17:48:59 \| 01,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll [2009/10/13 17:48:58 \| 01,484,288 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll [2009/10/13 17:48:58 \| 01,208,832 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll [2009/10/13 17:48:58 \| 01,147,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2009/10/13 17:48:58 \| 00,916,480 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009/10/13 17:48:58 \| 00,459,776 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2009/10/13 17:48:57 \| 01,538,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2009/10/13 17:48:57 \| 01,469,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2009/10/13 17:48:57 \| 00,700,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2009/10/13 17:48:57 \| 00,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2009/10/13 17:48:57 \| 00,387,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2009/10/13 17:48:57 \| 00,243,712 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2009/10/13 17:48:57 \| 00,206,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2009/10/13 17:48:57 \| 00,184,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2009/10/13 17:48:57 \| 00,164,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2009/10/13 17:48:57 \| 00,162,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2009/10/13 17:48:56 \| 00,252,416 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2009/10/13 17:48:56 \| 00,219,136 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2009/10/13 17:48:56 \| 00,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2009/10/13 17:48:56 \| 00,133,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2009/10/13 17:48:56 \| 00,132,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2009/10/13 17:48:56 \| 00,109,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2009/10/13 17:48:56 \| 00,072,192 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2009/10/13 17:48:56 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2009/10/13 17:48:56 \| 00,070,656 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2009/10/13 17:48:56 \| 00,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009/10/13 17:48:56 \| 00,031,744 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2009/10/13 17:48:56 \| 00,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2009/10/13 17:48:56 \| 00,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2009/10/13 17:48:56 \| 00,012,288 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2009/10/13 17:48:55 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009/10/13 17:48:55 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb [2009/10/13 17:48:55 \| 00,077,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2009/10/13 17:48:55 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2009/10/13 17:48:55 \| 00,055,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2009/10/13 17:47:33 \| 00,269,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll [2009/10/13 17:47:33 \| 00,218,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009/10/13 17:47:30 \| 00,174,592 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys [2009/10/13 17:47:29 \| 00,082,944 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2009/10/13 17:47:29 \| 00,060,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll ========== Files - Modified Within 30 Days ========== [2009/11/02 18:33:04 \| 02,097,152 \| -HS- \| M] () -- C:\Users\Owner\NTUSER.DAT [2009/11/02 18:29:27 \| 00,291,328 \| ---- \| M] () -- C:\Users\Owner\Desktop\gmer.exe [2009/11/02 18:29:14 \| 00,527,872 \| ---- \| M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2009/11/02 18:26:15 \| 00,000,282 \| -H-- \| M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job [2009/11/02 18:15:03 \| 00,000,240 \| -H-- \| M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/11/02 17:51:36 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/02 17:51:36 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/02 13:58:28 \| 00,595,684 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2009/11/02 13:58:27 \| 00,690,960 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/11/02 13:58:27 \| 00,101,350 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2009/11/02 13:55:43 \| 00,001,900 \| ---- \| M] () -- C:\Users\Owner\Desktop\HijackThis.lnk [2009/11/02 13:51:39 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/02 13:51:33 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/02 13:51:31 \| 42,563,54304 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/02 13:05:02 \| 00,000,418 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7C85C234-3402-4207-84FA-56FF5778275F}.job [2009/10/31 19:31:00 \| 00,001,889 \| ---- \| M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009/10/31 19:26:48 \| 00,000,876 \| ---- \| M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk [2009/10/29 18:45:49 \| 00,065,536 \| -HS- \| M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2009/10/29 18:45:48 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2009/10/29 18:45:36 \| 01,667,966 \| -H-- \| M] () -- C:\Users\Owner\AppData\Local\IconCache.db [2009/10/29 18:45:31 \| 08,092,402 \| ---- \| M] () -- C:\Users\Owner\Documents\phys systems test 4 study guide.docx [2009/10/29 13:51:40 \| 00,165,888 \| ---- \| M] () -- C:\Windows\msa.exe [2009/10/28 23:20:48 \| 00,011,264 \| ---- \| M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/27 22:30:01 \| 00,030,208 \| ---- \| M] () -- C:\Users\Owner\Documents\kayla listening analysis.doc [2009/10/27 13:28:43 \| 00,075,712 \| ---- \| M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT [2009/10/27 13:26:36 \| 00,306,184 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/10/26 19:52:29 \| 00,000,492 \| ---- \| M] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Owner.job [2009/10/18 21:39:55 \| 00,015,741 \| ---- \| M] () -- C:\Users\Owner\Documents\resume final draft.docx [2009/10/18 11:16:54 \| 00,260,879 \| ---- \| M] () -- C:\Users\Owner\Documents\MoveMediaPlayerWin_071505000010.exe [2009/10/07 15:25:53 \| 02,627,518 \| ---- \| M] () -- C:\Users\Owner\Documents\spa manual.pdf ========== Files Created - No Company Name ========== [2009/11/02 13:55:43 \| 00,001,900 \| ---- \| C] () -- C:\Users\Owner\Desktop\HijackThis.lnk [2009/10/31 19:31:00 \| 00,001,889 \| ---- \| C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009/10/31 19:26:48 \| 00,000,876 \| ---- \| C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk [2009/10/29 18:45:27 \| 08,092,402 \| ---- \| C] () -- C:\Users\Owner\Documents\phys systems test 4 study guide.docx [2009/10/29 13:51:43 \| 00,165,888 \| ---- \| C] () -- C:\Windows\msa.exe [2009/10/29 13:51:41 \| 00,000,240 \| -H-- \| C] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/10/29 13:51:25 \| 00,000,282 \| -H-- \| C] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job [2009/10/27 22:30:01 \| 00,030,208 \| ---- \| C] () -- C:\Users\Owner\Documents\kayla listening analysis.doc [2009/10/18 21:39:47 \| 00,015,741 \| ---- \| C] () -- C:\Users\Owner\Documents\resume final draft.docx [2009/10/18 11:16:49 \| 00,260,879 \| ---- \| C] () -- C:\Users\Owner\Documents\MoveMediaPlayerWin_071505000010.exe [2009/10/16 13:22:44 \| 00,291,328 \| ---- \| C] () -- C:\Users\Owner\Desktop\gmer.exe [2009/10/07 15:25:52 \| 02,627,518 \| ---- \| C] () -- C:\Users\Owner\Documents\spa manual.pdf [2009/09/23 18:02:24 \| 00,819,200 \| ---- \| C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/09/23 18:02:23 \| 00,180,224 \| ---- \| C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/09/03 23:00:20 \| 00,339,968 \| ---- \| C] () -- C:\Windows\SysWow64\pythoncom25.dll [2009/09/03 23:00:20 \| 00,114,688 \| ---- \| C] () -- C:\Windows\SysWow64\pywintypes25.dll [2009/08/25 20:11:56 \| 00,000,680 \| ---- \| C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat [2009/08/12 21:38:44 \| 00,011,264 \| ---- \| C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/10 06:56:02 \| 01,667,966 \| -H-- \| C] () -- C:\Users\Owner\AppData\Local\IconCache.db [2009/08/10 06:39:28 \| 00,368,640 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/08/10 06:39:10 \| 00,117,248 \| ---- \| C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/08/10 06:31:31 \| 00,075,712 \| ---- \| C] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT [2009/08/10 06:30:23 \| 00,000,013 \| RHS- \| C] () -- C:\Windows\SysWow64\drivers\fbd.sys [2009/07/10 09:15:02 \| 00,000,000 \| ---- \| C] () -- C:\Windows\NDSTray.INI [2009/07/10 09:00:26 \| 00,131,072 \| ---- \| C] () -- C:\Windows\SysWow64\EnumDevLib.dll [2009/05/11 11:53:18 \| 00,209,040 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizeW7.dll [2009/05/11 11:53:18 \| 00,204,944 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizeA6.dll [2009/05/11 11:53:18 \| 00,196,752 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizeP6.dll [2009/05/11 11:53:18 \| 00,196,752 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizeM6.dll [2009/05/11 11:53:18 \| 00,192,656 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizePX.dll [2009/05/11 11:53:18 \| 00,024,720 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresize.dll [2008/01/20 19:50:05 \| 00,060,124 \| ---- \| C] () -- C:\Windows\SysWow64\tcpmon.ini [2006/11/02 08:25:49 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files (x86)\desktop.ini [2006/11/02 08:07:25 \| 00,037,665 \| ---- \| C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 08:07:25 \| 00,029,779 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 08:07:25 \| 00,026,489 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 08:07:25 \| 00,026,040 \| ---- \| C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 05:34:27 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 05:34:27 \| 00,000,144 \| ---- \| C] () -- C:\Windows\win.ini ========== LOP Check ========== [2009/09/04 00:11:45 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\agi [2009/10/29 18:45:42 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\BitTorrent [2009/08/10 06:31:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\PowerCinema [2009/09/23 17:35:07 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\TOSHIBA [2009/08/12 21:43:49 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems [2009/09/28 21:38:31 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\uTorrent [2009/08/10 06:29:48 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\WinBatch [2009/11/02 13:51:39 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/10/29 18:45:53 \| 00,032,596 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/11/02 13:05:02 \| 00,000,418 \| -H-- \| M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7C85C234-3402-4207-84FA-56FF5778275F}.job [2009/11/02 18:15:03 \| 00,000,240 \| -H-- \| M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/11/02 18:26:15 \| 00,000,282 \| -H-- \| M] () -- C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job ========== Purity Check ========== ========== Custom Scans ========== < Drivers > < End of report > __________________________________________________________________________ OTL Extras logfile created on: 11/2/2009 6:30:30 PM - Run 1 OTL by OldTimer - Version 3.1.3.2 Folder = C:\Users\Owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.96 Gb Total Physical Memory \| 1.06 Gb Available Physical Memory \| 26.73% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 286.35 Gb Total Space \| 207.43 Gb Free Space \| 72.44% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* File not found batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 93 19 9D A6 C4 19 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05883420-388A-4CD0-941D-646F27504220}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{10D2B42B-2D33-4098-A101-E842D8382FD2}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{1AE56364-7CB4-43E0-B743-9E1108D8B607}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{1B085992-19F2-4A99-8AD7-C8C33C1C8410}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{2A6CC555-4EBE-40E5-8753-26C23C12C999}" = rport=10244 \| protocol=6 \| dir=out \| app=system \| "{2BA6AEDC-306C-463E-8979-EB362FE1FBDF}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{3651633E-2BCD-4655-888D-067CFC28CF35}" = lport=3390 \| protocol=6 \| dir=in \| app=system \| "{38F422ED-8F2A-415C-AA04-4C8156F99A99}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{3C44F5FE-255E-41A0-A614-2B1A80D61740}" = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{482A273E-E372-40B5-86D0-077584F201C2}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{4FA927E9-1E66-4B65-8873-884B04D92688}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{54B6D073-5FD3-4309-B648-370ED502E8A7}" = lport=554 \| protocol=6 \| dir=in \| app=%systemroot%\ehome\ehshell.exe \| "{5664E0EE-6987-4C49-9986-28C726E2F552}" = rport=10244 \| protocol=6 \| dir=out \| app=system \| "{5C1422CA-5D27-46F9-92D7-A37EFD7DDA5C}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{615372FF-7761-4530-8C92-C116717B59A3}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{683F0A3A-CFE3-44E2-9FC8-F65821C42E0C}" = lport=2869 \| protocol=6 \| dir=in \| app=system \| "{6BF22A89-27F6-4C99-A174-49746200BC55}" = lport=7777 \| protocol=17 \| dir=in \| app=%systemroot%\ehome\ehshell.exe \| "{7E488BC2-5192-4896-AABA-5F827C86D7E3}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{80DFF3E8-E6D5-4E50-8D6B-706ADD71B53C}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{8768D950-8FEF-4239-A1DC-010024B8F303}" = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{8A976A4C-EB08-41E2-AE0A-06D0CFD8EBD7}" = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{932B8607-0AE5-47D9-8D6A-72AA9ACAF8CF}" = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{98454D4C-612C-4098-853F-52851DD8CA48}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{9AE6E5E7-FE4A-4B7E-A8A5-F4E3A586E2FE}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{9E502F63-E2B8-4793-8582-909BBA9E8823}" = lport=10244 \| protocol=6 \| dir=in \| app=system \| "{A4EC9ED1-159D-4DF8-9E02-3F70672F1B8F}" = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{A8A1F779-D02E-44C4-B4B7-3DF6B0310B9B}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{B304ECB0-D0AE-4AD5-994F-3107D336FB5F}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{B4DBE24D-5153-48BF-81AA-D043AF09D4EF}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{BCB508CC-5E94-4894-A457-98D821C26882}" = lport=7777 \| protocol=17 \| dir=in \| app=%systemroot%\ehome\ehshell.exe \| "{C11DDE33-07E2-4716-B43E-88E5C495B9FB}" = lport=554 \| protocol=6 \| dir=in \| app=%systemroot%\ehome\ehshell.exe \| "{C3303FEF-97E3-466E-ADD3-14E4BE1EE4F0}" = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{C42017B4-A901-4850-BD7D-E301AE8F4D11}" = lport=3390 \| protocol=6 \| dir=in \| app=system \| "{C99AF2A0-E26D-4127-ABBA-7CCB64FEB6ED}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{D3EB6B58-62CE-4FF6-A4E4-FEFF99E7AD31}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{D5A8A300-F27D-4674-91B9-7DD5F24DEE42}" = lport=10244 \| protocol=6 \| dir=in \| app=system \| "{DAD4352D-6AD5-4282-950E-650A074A9F9B}" = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{E047D43E-1972-46C0-804F-93F39ADD040A}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{E12914F0-0BB6-401B-913C-FC7E5DF276FB}" = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| "{E9210521-9F63-4EE7-A8B9-66C859B570A5}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{F5A4C8F0-913A-45E5-A01A-1697EE01900F}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=svchost.exe \| "{FE6020C6-8BCA-49CC-A3B3-B88786705472}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FF6B73E-DA76-418E-993B-7706C4899EB3}" = protocol=17 \| dir=in \| app=c:\program files (x86)\logitech\logitech vid\vid.exe \| "{1B410AB3-8433-46C8-BD0A-F4F27B7C91CE}" = protocol=6 \| dir=in \| app=c:\program files (x86)\microsoft office\office12\onenote.exe \| "{1C1526DD-A83F-4A6C-A30C-B58613E3C48A}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{2258B955-8BC2-4AFE-BF22-844783F1C3CD}" = dir=in \| app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe \| "{23663937-F8DC-455E-8A9E-7E543E097774}" = dir=in \| app=c:\program files (x86)\windows live\messenger\wlcsdk.exe \| "{29523B38-B9BB-401F-A4F3-B237BFD36579}" = protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office12\onenote.exe \| "{373AE546-E682-420A-A874-25C6BB6BBC02}" = protocol=6 \| dir=in \| app=c:\program files (x86)\logitech\logitech vid\vid.exe \| "{4A7421CC-524B-4144-9A35-AB0965BBE847}" = protocol=17 \| dir=out \| app=%systemroot%\ehome\ehshell.exe \| "{60A6A48D-700C-47C6-8E68-49A28F5B5089}" = protocol=6 \| dir=out \| app=%systemroot%\ehome\mcx2prov.exe \| "{676CDD04-A889-4870-8D79-80452886C8B6}" = dir=in \| app=c:\program files (x86)\windows live\messenger\msnmsgr.exe \| "{68A941D1-9B2F-4F6F-9CD0-0F791ECA3F47}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{714F5444-3061-45A6-A84A-3C4CD734DD3D}" = dir=in \| app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe \| "{71A84D11-AA0E-4E1E-AE97-B707B6AF95E7}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{71E5FD31-26D9-4100-AC3D-B3E84A3E4C95}" = protocol=6 \| dir=out \| app=%systemroot%\ehome\ehshell.exe \| "{7354CF7C-E575-437C-AD09-C938AF08B402}" = protocol=6 \| dir=out \| app=%systemroot%\ehome\ehshell.exe \| "{92F7A1B6-DCE1-4EDA-B171-67F455573A76}" = dir=in \| app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe \| "{A189ACC2-1E4F-409A-BBFE-78B161FA666E}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{B1FD1C63-880F-473C-BAB3-E25F4DB68674}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{B20B1FB1-0AEB-44F2-B379-121D573C310D}" = dir=in \| app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe \| "{C38A942F-5136-436D-85BD-E8B4F36D2ABA}" = protocol=6 \| dir=out \| svc=mcx2svc \| app=%systemroot%\system32\svchost.exe \| "{DF6CDA70-40A9-45F9-8FF6-AF54B4D8D0A2}" = protocol=6 \| dir=out \| svc=mcx2svc \| app=%systemroot%\system32\svchost.exe \| "{E13AB820-748C-463A-882C-D991507F3B55}" = protocol=17 \| dir=out \| app=%systemroot%\ehome\ehshell.exe \| "{E399E8F4-53C0-45EC-B375-1449FD4674DD}" = protocol=6 \| dir=out \| app=%systemroot%\ehome\mcx2prov.exe \| "TCP Query User{3AF37F0E-0CAF-426C-AE9B-6BA7DCF6441E}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\logitech\logitech vid\vid.exe \| "TCP Query User{D3345090-A6C4-4923-AA46-498278E88DF5}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 \| dir=in \| app=c:\program files (x86)\bittorrent\bittorrent.exe \| "UDP Query User{208B7DF2-DBE6-4747-8021-03363FF6435B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\bittorrent\bittorrent.exe \| "UDP Query User{78EE4CFA-7DC7-4C0A-A8D6-08C24F86B838}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 \| dir=in \| app=c:\program files (x86)\logitech\logitech vid\vid.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center "{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime "{7E8CCF9B-A641-41A7-B3A2-A0E48E1AD5F2}" = SymNet x64 "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64) "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F303C668-7674-484A-8C04-579881C382F8}" = Norton Protection Center "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "HDMI" = Intel® Graphics Media Accelerator Driver "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "TOSHIBA Software Modem" = TOSHIBA Software Modem [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0 "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01 "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page "{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11 "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer "{9FE10246-A876-4979-B345-CADE6863BD8E}" = TOSHIBA Supervisor Password "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D5D8637D-FA1C-4CAD-91FC-4ADB1C284A21}" = TOSHIBA Hardware Setup "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}" = Geek Squad 24 Hour Computer Support "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FD6EE1AB-79FB-4AEC-87F4-0369D59F3A9A}" = BresnanClientSetup "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "BitTorrent" = BitTorrent "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 "Picasa2" = Picasa 2 "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation) "WinLiveSuite_Wave3" = Windows Live Essentials "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10/1/2009 4:35:47 PM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/3/2009 5:32:52 PM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/4/2009 4:49:41 PM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/5/2009 3:06:41 PM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/5/2009 7:14:04 PM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/6/2009 6:10:10 PM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/6/2009 9:11:40 PM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/8/2009 2:39:30 AM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/8/2009 10:51:17 AM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = Error - 10/9/2009 3:19:43 PM \| Computer Name = Owner-PC \| Source = WinMgmt \| ID = 10 Description = [ Media Center Events ] Error - 10/24/2009 8:30:41 PM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Error connecting to the internet. (4336.1128) Error - 10/24/2009 8:30:41 PM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Unable to contact server.. (4336.1129) Error - 10/24/2009 8:30:46 PM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Error connecting to the internet. (4336.1128) Error - 10/24/2009 8:30:46 PM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Unable to contact server.. (4336.1129) Error - 10/24/2009 9:48:56 PM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Error connecting to the internet. (5628.1128) Error - 10/24/2009 9:48:56 PM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Unable to contact server.. (5628.1129) Error - 10/24/2009 9:49:01 PM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Error connecting to the internet. (5628.1128) Error - 10/24/2009 9:49:01 PM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Unable to contact server.. (5628.1129) Error - 10/25/2009 5:00:17 AM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Error connecting to the internet. (7940.1128) Error - 10/25/2009 5:00:17 AM \| Computer Name = Owner-PC \| Source = MCUpdate \| ID = 0 Description = Unable to contact server.. (7940.1129) [ System Events ] Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4385 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4385 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4375 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4375 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4385 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4375 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4385 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4375 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4385 Description = Error - 10/2/2009 1:09:55 PM \| Computer Name = Owner-PC \| Source = Microsoft-Windows-Servicing \| ID = 4385 Description = < End of report >

oldman960 View Member Profile	Nov 3 2009, 12:23 AM Post #4
SuperMember Group: Classroom Teacher Posts: 3,910 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi pfunk5, BitTorrent You have BitTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. It's not the program itself that is the problem, but what can be downloaded with it. Usually the material comes from an unknown source. References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/commun...protection.mspx http://www.internetworldstats.com/articles...cles/art053.htm I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned. Next, Right click on OTL.exe and chose Run as Administrator to run it Under the Custom Scans/Fixes box at the bottom, paste in the following Do Not copy the word CODE please note the fix starts with the : CODE :OTL PRC - C:\Windows\msa.exe () PRC - C:\Windows\msa.exe () PRC - C:\Windows\msa.exe () PRC - C:\Windows\msa.exe () PRC - C:\Users\Owner\AppData\Local\Temp\b.exe () O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O4 - HKCU..\Run: [hglzd] C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EB37QP5\dvgrcrq.exe File not found O4 - HKCU..\Run: [PopRock] C:\Users\Owner\AppData\Local\Temp\b.exe () O4 - HKCU..\Run: [sntgq] C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EB37QP5\yjbarui.exe File not found [2009/11/02 18:26:15 \| 00,000,282 \| -H-- \| M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job [2009/11/02 18:15:03 \| 00,000,240 \| -H-- \| M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job [2009/10/29 13:51:40 \| 00,165,888 \| ---- \| M] () -- C:\Windows\msa.exe :Commands [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered Please save the resulting log to be posted in your next reply. Please post the OTL log. Next Download and save to your desktop Malwarebytes Anti-Malware Right click on itmbam-setup.exe and chose Run as Administrator to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Please post back with OTL fix log MBAM log new OTL scan log taken last How's the computer? Thanks

pfunk5 View Member Profile	Nov 3 2009, 02:04 AM Post #5
Authentic Member Group: Authentic Member Posts: 30 Joined: 3-March 08 Member No.: 77,302 Operating System: Windows Vista	So far so good after doing those steps. No pop ups yet so that is a good sign. I am running the OTL scan again now. I wasnt sure if I was supposed to check the LOP check and Purity check boxes this time so I did. Here are the logs: OTL fix log: All processes killed ========== OTL ========== No active process named msa.exe was found! No active process named msa.exe was found! No active process named msa.exe was found! No active process named msa.exe was found! No active process named b.exe was found! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hglzd deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PopRock deleted successfully. C:\Users\Owner\AppData\Local\Temp\b.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sntgq deleted successfully. C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job moved successfully. C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job moved successfully. C:\Windows\msa.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mcx1-OWNER-PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 30862176 bytes User: Owner ->Temp folder emptied: 153481673 bytes ->Temporary Internet Files folder emptied: 389192960 bytes ->Java cache emptied: 3791228 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes Windows Temp folder emptied: 22605999 bytes RecycleBin emptied: 10670808 bytes Total Files Cleaned = 582.35 mb OTL by OldTimer - Version 3.1.3.2 log created on 11032009_003715 Files\Folders moved on Reboot... Registry entries deleted on Reboot... MBAM Log: Malwarebytes' Anti-Malware 1.41 Database version: 3090 Windows 6.0.6002 Service Pack 2 11/3/2009 12:53:43 AM mbam-log-2009-11-03 (00-53-43).txt Scan type: Quick Scan Objects scanned: 92033 Time elapsed: 3 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Last OTL scan did not produce a log. When it was complete it just said scan complete! on the bottom and it's sitting like that now. I haven't closed it until I hear from you.

oldman960 View Member Profile	Nov 3 2009, 07:53 AM Post #6
SuperMember Group: Classroom Teacher Posts: 3,910 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi pfunk5, Have a look on the taskbar, it may have opened minimized. If not, close the progam and run it again. Thanks

pfunk5 View Member Profile	Nov 3 2009, 04:05 PM Post #7
Authentic Member Group: Authentic Member Posts: 30 Joined: 3-March 08 Member No.: 77,302 Operating System: Windows Vista	Weird, no it was not minimized the first time I ran it but the re-run did produce a log. Here it is. OTL logfile created on: 11/3/2009 10:37:39 AM - Run 3 OTL by OldTimer - Version 3.1.3.2 Folder = C:\Users\Owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.96 Gb Total Physical Memory \| 2.18 Gb Available Physical Memory \| 55.08% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 286.35 Gb Total Space \| 205.98 Gb Free Space \| 71.93% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) PRC - C:\Program Files (x86)\AGI\common\win32\pythonservice.exe () PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Modules (SafeList) ========== MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\authz.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - 64bit-(TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(RSELSVC) -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation) SRV:64bit: - 64bit-(AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems) SRV:64bit: - 64bit-(WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV:64bit: - 64bit-(WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - 64bit-(TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (AGWinService) -- C:\Program Files (x86)\AGI\common\win32\PythonService.exe () SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (camsvc) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) SRV - (TNaviSrv) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (odserv) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (LiveUpdate Notice) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 06:34:14 \| 00,000,000 \| ---D \| M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - 64bit-(SymEvent) SymEvent [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - 64bit-(sdbus) sdbus [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - 64bit-(ApfiltrService) Alps Pointing-device Filter Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - 64bit-(Thpdrv) TOSHIBA HDD Protection Driver [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys (TOSHIBA Corporation) DRV:64bit: - 64bit-(PMCF) PMCF [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\PMCF.sys () DRV:64bit: - 64bit-(PGEffect) Pangu effect driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys (TOSHIBA Corporation) DRV:64bit: - 64bit-(RTL8169) Realtek 8169 NT Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - 64bit-(rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\rtl819xp.sys (Realtek Semiconductor Corporation ) DRV:64bit: - 64bit-(igfx) igfx [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation) DRV:64bit: - 64bit-(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel \| System \| Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation) DRV:64bit: - 64bit-(SYMNDISV) SYMNDISV [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SYMTDI) SYMTDI [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SYMFW) SYMFW [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SYMREDRV) SYMREDRV [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SYMDNS) SYMDNS [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation) DRV:64bit: - 64bit-(rimspci) rimspci [Kernel \| Auto \| Running] -- C:\Windows\SysNative\DRIVERS\rimspe64.sys (REDC) DRV:64bit: - 64bit-(iaStor) Intel AHCI Controller [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - 64bit-(tos_sps64) TOSHIBA tos_sps64 Service [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - 64bit-(rixdpcie) rixdpcie [Kernel \| Auto \| Running] -- C:\Windows\SysNative\DRIVERS\rixdpe64.sys (REDC) DRV:64bit: - 64bit-(COH_Mon) COH_Mon [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys (Symantec Corporation) DRV:64bit: - 64bit-(AgereSoftModem) TOSHIBA Software Modem [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems) DRV:64bit: - 64bit-(SRTSPL) SRTSPL [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SRTSP) SRTSP [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS (Symantec Corporation) DRV:64bit: - 64bit-(SRTSPX) SRTSPX [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS (Symantec Corporation) DRV:64bit: - 64bit-(UMPass) Microsoft UMPass Driver [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation) DRV:64bit: - 64bit-(WpdUsb) WpdUsb [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - 64bit-(usbvideo) USB Video Device (WDM) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - 64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys (Microsoft Corporation) DRV:64bit: - 64bit-(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - 64bit-(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - 64bit-(Thpevm) TOSHIBA HDD Protection - Shock Sensor Driver [Kernel \| Boot \| Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS (TOSHIBA Corporation) DRV:64bit: - 64bit-(RtlProt) Realtke RtlProt WLAN Utility Protocol Driver [Kernel \| System \| Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows ® Codename Longhorn DDK provider) DRV:64bit: - 64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV - (eeCtrl) Symantec Eraser Control driver [Kernel \| System \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) NAVEX15 [Kernel \| On_Demand \| Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091102.039\EX64.SYS (Symantec Corporation) DRV - (NAVENG) NAVENG [Kernel \| On_Demand \| Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091102.039\ENG64.SYS (Symantec Corporation) DRV - (IDSvia64) Symantec Intrusion Prevention Driver [Kernel \| System \| Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20091101.001\IDSviA64.sys (Symantec Corporation) DRV - (COH_Mon) COH_Mon [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\COH_Mon.inf () DRV - (Tcpip) TCP/IP Protocol Driver [Kernel \| Boot \| Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) Windows Firewall Authorization Driver [Kernel \| On_Demand \| Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.umt.edu/cas/login?service=htt....edu/umconnect/ IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files (x86)\AGI\common\agcutils.dll (TODO: <Company name>) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 12:16:23 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files (x86)\Kiwee Toolbar\2.9.201\firefox [2009/09/03 23:00:42 \| 00,000,000 \| ---D \| M] O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [KiweeHook] C:\Program Files (x86)\Kiwee Toolbar\2.9.201\kwtbaim.exe (AG Interactive) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://chat.bresnan.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.146.17.3 69.145.248.4 69.146.17.2 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4d98e9ad-94e2-11de-b744-0026185e0d21}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found O33 - MountPoints2\{4d98e9b0-94e2-11de-b744-0026185e0d21}\Shell - "" = AutoRun O33 - MountPoints2\{4d98e9b0-94e2-11de-b744-0026185e0d21}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found 64bit:* O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/03 00:45:48 \| 00,000,000 \| ---D \| C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes [2009/11/03 00:45:44 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009/11/03 00:45:42 \| 00,022,104 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2009/11/03 00:45:42 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/03 00:45:42 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/03 00:45:42 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009/11/03 00:44:46 \| 04,045,544 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe [2009/11/03 00:37:15 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/11/02 18:29:09 \| 00,527,872 \| ---- \| C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2009/11/02 15:11:51 \| 00,000,000 \| ---D \| C] -- C:\Windows\Sun [2009/11/02 13:55:42 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2009/10/31 19:30:35 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Adobe [2009/10/31 19:29:56 \| 00,000,000 \| -HSD \| C] -- C:\Config.Msi [2009/10/31 19:27:56 \| 00,000,000 \| ---D \| C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer [2009/10/31 19:25:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\NOS [2009/10/31 19:25:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\NOS [2009/10/28 02:00:51 \| 00,103,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2009/10/28 02:00:51 \| 00,092,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2009/10/28 02:00:50 \| 03,815,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll [2009/10/28 02:00:50 \| 01,164,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll [2009/10/28 02:00:50 \| 01,164,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll [2009/10/28 02:00:49 \| 03,023,360 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll [2009/10/27 13:35:12 \| 10,626,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2009/10/27 13:35:11 \| 00,372,736 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe [2009/10/27 13:35:11 \| 00,310,784 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe [2009/10/27 13:35:08 \| 13,428,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2009/10/27 13:35:05 \| 08,147,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2009/10/27 13:35:05 \| 08,147,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2009/10/18 11:11:51 \| 00,000,000 \| ---D \| C] -- C:\Users\Owner\AppData\Roaming\Move Networks [2009/10/18 10:18:24 \| 00,839,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2009/10/18 10:18:23 \| 01,050,112 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDTVVDEC.DLL [2009/10/18 10:18:23 \| 00,971,264 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2009/10/18 10:18:23 \| 00,763,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDTVVDEC.DLL [2009/10/18 10:18:23 \| 00,711,168 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2009/10/18 10:18:23 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2009/10/13 17:49:52 \| 04,698,168 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2009/10/13 17:49:05 \| 00,818,688 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL [2009/10/13 17:49:05 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL [2009/10/13 17:49:03 \| 05,940,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/10/13 17:49:02 \| 09,236,992 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2009/10/13 17:49:01 \| 12,461,568 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll [2009/10/13 17:49:00 \| 11,069,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll [2009/10/13 17:48:59 \| 02,334,208 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2009/10/13 17:48:59 \| 01,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll [2009/10/13 17:48:58 \| 01,484,288 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll [2009/10/13 17:48:58 \| 01,208,832 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll [2009/10/13 17:48:58 \| 01,147,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2009/10/13 17:48:58 \| 00,916,480 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009/10/13 17:48:58 \| 00,459,776 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2009/10/13 17:48:57 \| 01,538,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2009/10/13 17:48:57 \| 01,469,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2009/10/13 17:48:57 \| 00,700,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2009/10/13 17:48:57 \| 00,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2009/10/13 17:48:57 \| 00,387,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2009/10/13 17:48:57 \| 00,243,712 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2009/10/13 17:48:57 \| 00,206,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2009/10/13 17:48:57 \| 00,184,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2009/10/13 17:48:57 \| 00,164,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2009/10/13 17:48:57 \| 00,162,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2009/10/13 17:48:56 \| 00,252,416 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2009/10/13 17:48:56 \| 00,219,136 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2009/10/13 17:48:56 \| 00,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2009/10/13 17:48:56 \| 00,133,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2009/10/13 17:48:56 \| 00,132,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2009/10/13 17:48:56 \| 00,109,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2009/10/13 17:48:56 \| 00,072,192 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2009/10/13 17:48:56 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2009/10/13 17:48:56 \| 00,070,656 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2009/10/13 17:48:56 \| 00,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009/10/13 17:48:56 \| 00,031,744 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2009/10/13 17:48:56 \| 00,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2009/10/13 17:48:56 \| 00,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2009/10/13 17:48:56 \| 00,012,288 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2009/10/13 17:48:55 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009/10/13 17:48:55 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb [2009/10/13 17:48:55 \| 00,077,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2009/10/13 17:48:55 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2009/10/13 17:48:55 \| 00,055,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2009/10/13 17:47:33 \| 00,269,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll [2009/10/13 17:47:33 \| 00,218,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009/10/13 17:47:30 \| 00,174,592 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys [2009/10/13 17:47:29 \| 00,082,944 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2009/10/13 17:47:29 \| 00,060,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll ========== Files - Modified Within 30 Days ========== [2009/11/03 10:37:35 \| 02,097,152 \| -HS- \| M] () -- C:\Users\Owner\NTUSER.DAT [2009/11/03 09:00:03 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/03 09:00:03 \| 00,003,616 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/03 03:41:56 \| 00,000,418 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7C85C234-3402-4207-84FA-56FF5778275F}.job [2009/11/03 03:00:07 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/03 01:00:41 \| 00,690,960 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/11/03 01:00:41 \| 00,595,684 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2009/11/03 01:00:41 \| 00,101,350 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2009/11/03 00:55:09 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/03 00:55:04 \| 42,563,54304 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/03 00:54:22 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2009/11/03 00:54:22 \| 00,065,536 \| -HS- \| M] () -- C:\Users\Owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2009/11/03 00:54:21 \| 01,532,241 \| -H-- \| M] () -- C:\Users\Owner\AppData\Local\IconCache.db [2009/11/03 00:45:46 \| 00,000,820 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/03 00:45:03 \| 04,045,544 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe [2009/11/03 00:36:09 \| 00,000,492 \| ---- \| M] () -- C:\Windows\tasks\Norton AntiVirus - Run Full System Scan - Owner.job [2009/11/02 18:29:27 \| 00,291,328 \| ---- \| M] () -- C:\Users\Owner\Desktop\gmer.exe [2009/11/02 18:29:14 \| 00,527,872 \| ---- \| M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2009/11/02 13:55:43 \| 00,001,900 \| ---- \| M] () -- C:\Users\Owner\Desktop\HijackThis.lnk [2009/10/31 19:31:00 \| 00,001,889 \| ---- \| M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009/10/31 19:26:48 \| 00,000,876 \| ---- \| M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk [2009/10/29 18:45:31 \| 08,092,402 \| ---- \| M] () -- C:\Users\Owner\Documents\phys systems test 4 study guide.docx [2009/10/28 23:20:48 \| 00,011,264 \| ---- \| M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/27 22:30:01 \| 00,030,208 \| ---- \| M] () -- C:\Users\Owner\Documents\kayla listening analysis.doc [2009/10/27 13:28:43 \| 00,075,712 \| ---- \| M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT [2009/10/27 13:26:36 \| 00,306,184 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/10/18 21:39:55 \| 00,015,741 \| ---- \| M] () -- C:\Users\Owner\Documents\resume final draft.docx [2009/10/18 11:16:54 \| 00,260,879 \| ---- \| M] () -- C:\Users\Owner\Documents\MoveMediaPlayerWin_071505000010.exe [2009/10/07 15:25:53 \| 02,627,518 \| ---- \| M] () -- C:\Users\Owner\Documents\spa manual.pdf ========== Files Created - No Company Name ========== [2009/11/03 00:45:46 \| 00,000,820 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/02 13:55:43 \| 00,001,900 \| ---- \| C] () -- C:\Users\Owner\Desktop\HijackThis.lnk [2009/10/31 19:31:00 \| 00,001,889 \| ---- \| C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2009/10/31 19:26:48 \| 00,000,876 \| ---- \| C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk [2009/10/29 18:45:27 \| 08,092,402 \| ---- \| C] () -- C:\Users\Owner\Documents\phys systems test 4 study guide.docx [2009/10/27 22:30:01 \| 00,030,208 \| ---- \| C] () -- C:\Users\Owner\Documents\kayla listening analysis.doc [2009/10/18 21:39:47 \| 00,015,741 \| ---- \| C] () -- C:\Users\Owner\Documents\resume final draft.docx [2009/10/18 11:16:49 \| 00,260,879 \| ---- \| C] () -- C:\Users\Owner\Documents\MoveMediaPlayerWin_071505000010.exe [2009/10/16 13:22:44 \| 00,291,328 \| ---- \| C] () -- C:\Users\Owner\Desktop\gmer.exe [2009/10/07 15:25:52 \| 02,627,518 \| ---- \| C] () -- C:\Users\Owner\Documents\spa manual.pdf [2009/09/23 18:02:24 \| 00,819,200 \| ---- \| C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/09/23 18:02:23 \| 00,180,224 \| ---- \| C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/09/03 23:00:20 \| 00,339,968 \| ---- \| C] () -- C:\Windows\SysWow64\pythoncom25.dll [2009/09/03 23:00:20 \| 00,114,688 \| ---- \| C] () -- C:\Windows\SysWow64\pywintypes25.dll [2009/08/25 20:11:56 \| 00,000,680 \| ---- \| C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat [2009/08/12 21:38:44 \| 00,011,264 \| ---- \| C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/10 06:56:02 \| 01,532,241 \| -H-- \| C] () -- C:\Users\Owner\AppData\Local\IconCache.db [2009/08/10 06:39:28 \| 00,368,640 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/08/10 06:39:10 \| 00,117,248 \| ---- \| C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/08/10 06:31:31 \| 00,075,712 \| ---- \| C] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT [2009/08/10 06:30:23 \| 00,000,013 \| RHS- \| C] () -- C:\Windows\SysWow64\drivers\fbd.sys [2009/07/10 09:15:02 \| 00,000,000 \| ---- \| C] () -- C:\Windows\NDSTray.INI [2009/07/10 09:00:26 \| 00,131,072 \| ---- \| C] () -- C:\Windows\SysWow64\EnumDevLib.dll [2009/05/11 11:53:18 \| 00,209,040 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizeW7.dll [2009/05/11 11:53:18 \| 00,204,944 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizeA6.dll [2009/05/11 11:53:18 \| 00,196,752 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizeP6.dll [2009/05/11 11:53:18 \| 00,196,752 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizeM6.dll [2009/05/11 11:53:18 \| 00,192,656 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresizePX.dll [2009/05/11 11:53:18 \| 00,024,720 \| ---- \| C] () -- C:\Windows\SysWow64\IVIresize.dll [2008/01/20 19:50:05 \| 00,060,124 \| ---- \| C] () -- C:\Windows\SysWow64\tcpmon.ini [2006/11/02 08:25:49 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files (x86)\desktop.ini [2006/11/02 08:07:25 \| 00,037,665 \| ---- \| C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 08:07:25 \| 00,029,779 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 08:07:25 \| 00,026,489 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 08:07:25 \| 00,026,040 \| ---- \| C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 05:34:27 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 05:34:27 \| 00,000,144 \| ---- \| C] () -- C:\Windows\win.ini ========== LOP Check ========== [2009/09/04 00:11:45 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\agi [2009/10/29 18:45:42 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\BitTorrent [2009/08/10 06:31:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\PowerCinema [2009/09/23 17:35:07 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\TOSHIBA [2009/08/12 21:43:49 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems [2009/09/28 21:38:31 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\uTorrent [2009/08/10 06:29:48 \| 00,000,000 \| ---D \| M] -- C:\Users\Owner\AppData\Roaming\WinBatch [2009/11/03 00:55:09 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/11/03 00:54:24 \| 00,032,596 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/11/03 03:41:56 \| 00,000,418 \| -H-- \| M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7C85C234-3402-4207-84FA-56FF5778275F}.job ========== Purity Check ========== < End of report > This post has been edited by pfunk5: Nov 3 2009, 04:12 PM

pfunk5 View Member Profile	Nov 3 2009, 04:14 PM Post #8
Authentic Member Group: Authentic Member Posts: 30 Joined: 3-March 08 Member No.: 77,302 Operating System: Windows Vista	I am just adding another reply because for some reason it is not showing on the forum that I am the last post in this thread. I just want to make sure you can see that I have replied so that my thread does not get skipped over. Thanks.

oldman960 View Member Profile	Nov 3 2009, 07:17 PM Post #9
SuperMember Group: Classroom Teacher Posts: 3,910 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi Pfunk5, Your java is out of date. Click your start button, open Control panel. Locate the Java icon (it looks like a coffee cup) double click it to open it click the Update tab Click update now After the java is updated, reboot your computer if not prompted to. Next, clear the java cache To clear the Java Plug-in cache: Click Start > Control Panel. Double-click the Java icon in the control panel. On the General tab, Click Settings under Temporary Internet Files. On the Temporary Files Settings screen, Click Delete Files. check all boxes Click OK I'll have you do an online scan. As a Vista user, in order to do this scan,you will need to open your browser by right clicking and click Run as Adminstrator. Do not use that instance of the browser for any thing else as it will have adminstrator rights. Once the scan has completed and the results saved, close the browser. Open one in the normal way and return to this thread and post the requested logs. Panda Active Scan Once you are on the Panda site, click the Scan now button Note: If you are a Firefox user, Panda Active scan will detect that you are using Firefox and have you install a plug. Follow the steps as prompted. When prompted to install ActiveX control click Install On the update page, click on the security warning at the top of the page and select "Run ActiveX control..." Panda should now start scanning your system. When the scan completes, if anything malicious is detected, click the Export To...(with a little notepad icon) button, then Save the report to a convenient location. Post the contents of the Panda scan report Let me know how things are running now. Thanks

pfunk5 View Member Profile	Nov 3 2009, 09:17 PM Post #10
Authentic Member Group: Authentic Member Posts: 30 Joined: 3-March 08 Member No.: 77,302 Operating System: Windows Vista	When I go to control panel there is no Java icon anywhere. I went to Java's website and installed the latest version horwever. Still, I can't find a Java logo in control panel to clear the cache. The active scan is running now. I will post the log when it is all done. Computer is working well. No more pop-ups. Thanks a ton for the help you have provided thus far.

oldman960 View Member Profile	Nov 4 2009, 12:16 AM Post #11
SuperMember Group: Classroom Teacher Posts: 3,910 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi pfunk5, Nothing called Java™ Control Panel? Anyway you have the new version installed now. After the Panda scan: Click on Start > Control Panel and double click on Programs and Features. Uninstall this old version of Java Java™ 6 Update 11. We clear the cach with OTL after you post back.

pfunk5 View Member Profile	Nov 4 2009, 01:45 AM Post #12
Authentic Member Group: Authentic Member Posts: 30 Joined: 3-March 08 Member No.: 77,302 Operating System: Windows Vista	No there is nothing called Java cotrol panel. And when I go to programs to remove the old Java version it is not there. It only shows Java 6 Update 17 which is the new one. So I have left Java alone. Here is the Active Scan log: ;***************************************************************************** ***************************************************************************** *************** ANALYSIS: 2009-11-04 00:41:38 PROTECTIONS: 1 MALWARE: 13 SUSPECTS: 1 ;*************************************************************************** ***************************************************************************** ***************** PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== Norton AntiVirus Yes Yes ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\owner@atdmt[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@247realmedia[2].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\owner@com[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@ad.yieldmanager[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@bs.serving-sys[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@advertising[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@overture[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@questionmarket[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@zedo[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\low\owner@go[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@go[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\owner\appdata\roaming\microsoft\windows\cookies\owner@target[1].txt ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================= =================== No c:\program files (x86)\corel\dvd moviefactory for toshiba\dvd moviefactory\sqplus.dll ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= ===================

oldman960 View Member Profile	Nov 4 2009, 08:17 AM Post #13
SuperMember Group: Classroom Teacher Posts: 3,910 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi pfunk5, The Panda detection is a false positive so it looks like your are clean. I don't know why the Java console doesn't show up. The installer must have removed the old version for you. Java has been working on this and it's seems to have worked. If everything seems to be ok, we can clean up the tools. Next, Right click on OTL.exe and chose Run as Administrator to run it Under the Custom Scans/Fixes box at the bottom, paste in the following Do Not copy the word CODE please note the fix starts with the : CODE :Commands [emptytemp] [start explorer] [reboot] Then click the Run Fix button at the top Let the program run unhindered No need to post the log. From your desktop, please delete any notepads/logs that we created GMER.zip GMER.exe Next Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself. We'll reset your restore points Click on the Start button* to open your Start Menu. Click on the Control Panel menu option. Click on the System and Maintenance menu option. Click on the System menu option. Click on System Protection in the left-hand task list. Create the manual restore point you should click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point. Type in a title for the manual restore point and press the Create button. Close the System window after you have been advised that the procedure has been successfully completed. Next, go to Start > Run and type in cleanmgr Select the More options tab Choose the option to clean up system restore and Ok it This will remove all restore points except the most recent one. I suggest you keep MBAM. Keep it updated and use it regularly. You can get a good temporary file cleaner from TFC Easy to use. Close any open windows. Open the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean Some Recommendations and prevention tips Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. With MBAM you have the first 3. * If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended. These 2 are 64 bit compatible Outpost Comodo Download liks can be found HERE A guide to understanding and using the hosts file. Learn how your Hosts file can protect you and how you can protect it. Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file. HOSTS Please read the info on disabling the DNS Client before installing a custom hosts file. -Secure your Internet Explorer From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis - Keep your antivirus program updated, as well as any other security programs you have. -Check this site out to check for out of date programs Secunia Personal Software Inspector (PSI) 1.0 -More tips and programs can be found HERE - You may also want to read this article By Tony Klein http://www.freedomlist.com/forum/viewtopic.php?t=22879 We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved". Take care

pfunk5 View Member Profile	Nov 4 2009, 02:30 PM Post #14
Authentic Member Group: Authentic Member Posts: 30 Joined: 3-March 08 Member No.: 77,302 Operating System: Windows Vista	Ok so I got everything done up to the part about running cleanmgr. First, there is no run option under the start menu so I just searched "run" and it brought up the run tool. I typed in cleanmgr and i have 3 options: run, cancel, or browse. I am guessing I am to press run, which I did and then it asks me whether I want to clean up my files or all users files. Since I am the only user I selected my files. There is no "more options" tab like your post says so I can't choose to clean up system restore. However, everything else has been done and the computer is running well. I really appreciate all you have done to help me. THANK YOU!

oldman960 View Member Profile	Nov 4 2009, 08:07 PM Post #15
SuperMember Group: Classroom Teacher Posts: 3,910 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro	Hi pfunk, You need to run the command from an elevated run box. On Vista, if the run option isn't present when you click the Start button, check here Start button > Accesories. Right click on Run and click "Run as Adminstrator" Type cleanmgr , hit enter or click ok. Did that work?

« Next Oldest · Infections Removal · Next Newest »

2 Pages

1 2 >

Closed Topic

Start new topic

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Similar Topics

Similar Topics

Similar Topics

		Topic Title	Replies	Topic Starter	Views	Last Action
		Infections Removal [Resolved] Can only browse one site in IE6 12	20	Wakenaam	355	Today, 09:54 AM Last post by: Tomk
		Infections Removal [Resolved] Computer takeover 12	16	mesa215	276	Today, 12:05 AM Last post by: Raktor
		Infections Removal [Resolved] can not remove trojans 12	17	stjohn	352	Yesterday, 06:17 PM Last post by: CatByte
		Infections Removal [Resolved] Security Tool 1234	57	VanDavies	639	Yesterday, 05:20 PM Last post by: CatByte

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 20th November 2009 - 10:25 PM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy

Powered By IP.Board © 2009 IPS, Inc.