Sign In
Create Account
1
Hi there,
I cannot seem to get rid of this trojan. It keeps coming up even after a scan.
below is my hijack this log.
look forward to hearing from you. thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:09 PM, on 5/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
E:\Computer Stuff\mbam-setup.exe
C:\Users\JBHIFI~1\AppData\Local\Temp\is-K6NEG.tmp\mbam-setup.tmp
E:\Computer Stuff\mbam-setup.exe
C:\Users\JBHIFI~1\AppData\Local\Temp\is-OAH95.tmp\mbam-setup.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6991 bytes
-
This topic is locked
Back to top
#2
Posted 26 July 2009 - 03:40 PM
-
- Moderators
-
- 4,241 posts
Eradicator de logiciels malveillants
- Gender:Male
- Location:USA
- Interests:Security, Windows, Windows Update, malware prevention
Hello mick23,
I need more detail before we proceed in more specific removal steps. Kindly start with the following:
Set Vista to Show all files:
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.
=
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
Download Security Check by screen317 and save it to your Desktop: here or here
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
=
Next, Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.
Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2504 or later. The latest program version is 1.39 (released July 13)
When done, click the Scanner tab.
Do a Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
=
Then copy/paste the following into your post (in order):
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
I need more detail before we proceed in more specific removal steps. Kindly start with the following:
Set Vista to Show all files:
- Click the Start button, and then click Computer.
- On the Organize menu, click Folder and Search Options.
- Click the View tab.
- Locate and uncheck Hide file extensions for known file types.
- Locate and uncheck Hide protected operating system files (Recommended).
- Locate and click Show hidden files and folders.
- Click Apply > OK.
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.
=
Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
- Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
- In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
- Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
- It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
- Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
- Exit OTL by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here
- Run Security Check
- Follow the onscreen instructions inside of the command window.
- A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.=
Next, Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.
Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2504 or later. The latest program version is 1.39 (released July 13)
When done, click the Scanner tab.
Do a Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
=
Then copy/paste the following into your post (in order):
- the contents of OTL.txt;
- the contents of Extras.txt ; and
- the contents of checkup.txt
- the contents of MBAM scan log
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
MS-MVP (Oct 2002 - Sept 2010)
#3
Posted 27 July 2009 - 11:19 AM
-
- Members
-
- 3 posts
New Member
Hello Maurice,
thanks so much for your help.
here are my log files below:
OTL logfile created on: 7/27/2009 9:00:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\jb hifi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.22 Mb Total Physical Memory | 231.21 Mb Available Physical Memory | 22.82% Memory free
2.24 Gb Paging File | 1.16 Gb Available in Paging File | 51.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.37 Gb Total Space | 14.00 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JBHIFI-PC
Current User Name: jb hifi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2008/06/20 11:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008/09/10 12:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/29 16:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/21 12:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/02/05 13:24:36 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/02/05 13:24:18 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/05 13:24:28 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/05/27 20:58:39 | 02,815,408 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/02/05 13:24:32 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2006/10/05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/12/26 07:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/01/22 09:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/11/22 11:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2008/01/18 09:27:34 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/04 10:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2006/08/24 09:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/03/03 12:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/18 23:01:01 | 00,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008/10/29 16:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/27 20:58:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\jb hifi\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/09/10 12:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2006/10/05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/28 04:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/12/26 07:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto | Running])
SRV - [2008/01/21 12:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 22:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 22:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/21 12:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 11:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2008/06/20 11:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/06/30 16:36:35 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Stopped])
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/06/20 11:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/27 08:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2008/01/22 09:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2007/11/22 11:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2008/01/18 09:27:34 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV - [2007/12/04 10:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto | Running])
SRV - [2006/08/24 09:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2008/01/21 12:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 12:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2008/01/21 12:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/21 12:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/21 12:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/28 17:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 19:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/21 12:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/21 12:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 18:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 18:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 18:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 18:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 18:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 18:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 12:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/21 12:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 12:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/21 08:11:14 | 00,007,168 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\DRIVERS\FwLnk.sys -- (FwLnk [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/01/21 12:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/09/30 16:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/21 12:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2007/09/13 16:23:50 | 01,925,632 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 19:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/01/30 13:34:20 | 02,058,528 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 19:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 19:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/21 12:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 19:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 19:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 17:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/01/21 12:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/21 12:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/07/25 18:34:13 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2006/11/02 16:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\Windows\system32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/01/21 12:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/12/28 21:21:54 | 00,104,448 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2007/12/26 12:20:32 | 00,290,304 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\DRIVERS\RTL8187B.sys -- (RTL8187B [On_Demand | Running])
DRV - [2007/04/24 03:50:50 | 00,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\DRIVERS\rtlprot.sys -- (RtlProt [System | Running])
DRV - [2008/02/21 15:01:08 | 00,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2006/11/02 16:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 12:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 19:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 19:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 19:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/08/14 09:40:40 | 00,203,312 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/10/19 05:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2008/01/22 08:42:24 | 00,285,184 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32 [Boot | Running])
DRV - [2007/11/10 07:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV - [2008/01/21 12:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/12/18 04:45:20 | 00,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2008/01/21 12:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 F3 19 4B 48 08 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.8
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.34
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/29 13:08:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/26 16:55:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/26 16:55:54 | 00,000,000 | ---D | M]
[2008/07/21 05:29:34 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Extensions
[2008/07/21 05:29:34 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/26 14:33:32 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Firefox\Profiles\j0lbincq.default\extensions
[2008/12/19 20:58:50 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Firefox\Profiles\j0lbincq.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/06/29 13:12:36 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Firefox\Profiles\j0lbincq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/19 19:53:52 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Firefox\Profiles\j0lbincq.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/19 20:12:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/26 16:55:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/08 18:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/03 18:41:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/07 23:03:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/26 16:55:52 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/26 16:55:52 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/03/07 23:03:02 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/26 16:55:53 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/27 14:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/14 13:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/20 19:57:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/20 19:57:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/14 13:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/11/02 09:18:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/02 09:18:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/02 09:18:12 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/19 19:02:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/02 09:18:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/02 09:18:13 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.21.20.20 203.10.1.9
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34a366e0-5b3c-11dd-8cb4-001e333f1ef8}\Shell - "" = Autorun
O33 - MountPoints2\{34a366e0-5b3c-11dd-8cb4-001e333f1ef8}\Shell\Open\command - "" = RECYCLER\S-5-2-97-100010217-100022548-100032210-1513.com k:\
O33 - MountPoints2\{49cd2a53-3c64-11de-95c5-001e333f1ef8}\Shell\AutoRun\command - "" = E:\q9.cmd -- File not found
O33 - MountPoints2\{49cd2a53-3c64-11de-95c5-001e333f1ef8}\Shell\open\Command - "" = E:\q9.cmd -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[2009/07/27 20:58:36 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\jb hifi\Desktop\OTL.exe
[2009/07/27 20:58:23 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/27 20:57:50 | 00,000,744 | ---- | C] () -- C:\Users\jb hifi\Desktop\NTREGOPT.lnk
[2009/07/27 20:57:50 | 00,000,725 | ---- | C] () -- C:\Users\jb hifi\Desktop\ERUNT.lnk
[2009/07/27 20:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/27 20:57:13 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\Documents\Downloads
[2009/07/27 20:57:06 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Local\Adobe
[2009/07/27 20:51:25 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Local\Apple Computer
[2009/07/26 23:31:38 | 02,210,670 | -H-- | C] () -- C:\Users\jb hifi\AppData\Local\IconCache.db
[2009/07/26 23:31:33 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\jb hifi\Desktop\ATF-Cleaner.exe
[2009/07/26 23:09:12 | 10,632,15104 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/26 19:22:57 | 00,000,922 | ---- | C] () -- C:\Users\jb hifi\Desktop\mbamm - Shortcut.lnk
[2009/07/26 16:56:16 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/07/21 18:52:58 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/21 18:52:58 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/21 18:52:58 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/21 18:52:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/20 21:30:16 | 00,000,500 | ---- | C] () -- C:\Users\jb hifi\Desktop\Downloads - Shortcut.lnk
[2009/07/20 19:59:10 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/20 19:59:04 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/07/20 19:59:04 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/07/20 19:58:50 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/20 19:58:45 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/20 19:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/20 19:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/07/20 19:56:30 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/19 20:11:39 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Roaming\IDM
[2009/07/19 20:11:38 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Roaming\DMCache
[2009/07/19 20:11:32 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2009/07/19 16:58:10 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Roaming\BITS
[2009/07/19 16:58:10 | 00,000,000 | ---D | C] -- C:\profiles
[2009/07/19 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
[2009/07/19 15:41:33 | 00,000,000 | ---D | C] -- C:\ZCVideoConverter
[2009/07/19 15:40:21 | 00,000,853 | ---- | C] () -- C:\Users\jb hifi\Desktop\ZC Video Converter.lnk
[2009/07/19 15:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\ZC Video Converter
[2009/07/19 15:30:42 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Roaming\DVD Flick
[2009/07/19 15:30:20 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx
[2009/07/19 15:30:20 | 00,081,920 | ---- | C] (Marco Bellinaso) -- C:\Windows\System32\mbmouse.ocx
[2009/07/19 15:30:20 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon.ocx
[2009/07/19 15:30:19 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2009/07/11 13:19:32 | 00,343,040 | ---- | C] () -- C:\Users\jb hifi\Desktop\rand1107.xls
[2009/06/29 12:57:12 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/29 12:57:12 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/29 12:57:11 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/29 12:57:10 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/29 12:57:10 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/29 12:57:10 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/29 12:57:10 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/29 12:57:10 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/29 12:57:10 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/29 12:57:10 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/29 12:57:09 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/29 12:57:09 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/29 12:57:09 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/29 12:56:32 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/29 12:56:32 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/29 12:56:32 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/29 12:56:31 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/29 12:56:30 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/06/29 12:55:32 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/29 12:55:27 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/29 12:55:24 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/28 15:22:21 | 00,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003UA.job
[2009/06/28 15:22:11 | 00,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003Core.job
[2009/05/31 19:54:57 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/31 19:54:55 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/31 19:54:55 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/31 19:54:55 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/31 19:54:53 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/31 19:54:53 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/12/31 16:04:42 | 00,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/08/05 20:17:16 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/07/25 18:44:16 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/01 07:00:37 | 00,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/07/01 06:58:24 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/07/01 06:58:24 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/07/01 06:58:24 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/07/01 06:58:24 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/07/01 06:58:24 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/07/01 06:58:24 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/07/01 06:25:01 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/07/01 06:25:01 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/07/01 06:25:01 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/07/01 06:25:01 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/12 10:10:35 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 09:16:12 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/12 09:05:13 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/12 09:05:13 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/12 09:05:13 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/02/12 09:05:13 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/01/29 11:01:42 | 00,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/29 11:01:06 | 00,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/29 10:53:02 | 06,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/29 10:53:02 | 00,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/29 10:53:02 | 00,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/29 10:52:28 | 00,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 22:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[2009/07/27 20:58:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\jb hifi\Desktop\OTL.exe
[2009/07/27 20:57:50 | 00,000,744 | ---- | M] () -- C:\Users\jb hifi\Desktop\NTREGOPT.lnk
[2009/07/27 20:57:50 | 00,000,725 | ---- | M] () -- C:\Users\jb hifi\Desktop\ERUNT.lnk
[2009/07/27 20:50:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/27 20:50:19 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/27 20:50:19 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/27 20:50:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/27 20:49:54 | 10,632,15104 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/26 23:31:38 | 02,210,670 | -H-- | M] () -- C:\Users\jb hifi\AppData\Local\IconCache.db
[2009/07/26 23:27:00 | 00,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003UA.job
[2009/07/26 22:35:34 | 00,000,680 | ---- | M] () -- C:\Users\jb hifi\AppData\Local\d3d9caps.dat
[2009/07/26 19:22:57 | 00,000,922 | ---- | M] () -- C:\Users\jb hifi\Desktop\mbamm - Shortcut.lnk
[2009/07/26 17:51:48 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\jb hifi\Desktop\ATF-Cleaner.exe
[2009/07/26 15:27:01 | 00,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003Core.job
[2009/07/21 21:40:18 | 00,124,928 | ---- | M] () -- C:\Users\jb hifi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/21 20:38:45 | 00,398,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/20 21:30:16 | 00,000,500 | ---- | M] () -- C:\Users\jb hifi\Desktop\Downloads - Shortcut.lnk
[2009/07/20 19:59:10 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/19 15:40:21 | 00,000,853 | ---- | M] () -- C:\Users\jb hifi\Desktop\ZC Video Converter.lnk
[2009/07/18 23:27:39 | 00,002,063 | ---- | M] () -- C:\Users\jb hifi\Desktop\Google Chrome.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/11 13:19:38 | 00,343,040 | ---- | M] () -- C:\Users\jb hifi\Desktop\rand1107.xls
========== LOP Check ==========
[2009/07/19 20:11:39 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming
[2009/07/19 21:11:44 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\BITS
[2009/03/17 21:13:06 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\BitZipper
[2009/07/27 20:50:48 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\DMCache
[2009/07/19 15:30:42 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\DVD Flick
[2008/07/21 07:36:01 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\FlashGet
[2009/07/26 15:43:26 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\IDM
[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\Media Center Programs
[2008/11/13 15:07:32 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\Red Kawa
[2009/03/06 00:46:37 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\toshiba
[2008/09/13 20:46:15 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\Ulead Systems
[2009/07/25 20:40:29 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\Vso
[2009/07/26 15:27:01 | 00,000,864 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003Core.job
[2009/07/26 23:27:00 | 00,000,916 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003UA.job
[2009/07/27 20:50:35 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/26 23:31:48 | 00,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 22528 bytes -> C:\Windows\System32\autochk.exe:BAK
< End of report >
OTL Extras logfile created on: 7/27/2009 9:00:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\jb hifi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.22 Mb Total Physical Memory | 231.21 Mb Available Physical Memory | 22.82% Memory free
2.24 Gb Paging File | 1.16 Gb Available in Paging File | 51.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.37 Gb Total Space | 14.00 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JBHIFI-PC
Current User Name: jb hifi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3561FD47-1FAA-4474-9249-215F7625E1DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DB1C425-6DB6-4447-A4EA-391FB55A55FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FDB8D6F1-C1F7-4297-A99E-A4ACD6C5807B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14C3311A-8FDB-42A9-9BE9-CE2F7553280B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{1C686C7C-7E45-428F-A207-FD508D85EBDC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42A5A85C-27A5-4E7E-A528-380EE13F23C0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{607DD15E-900B-4B2B-B88E-500276962E6A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{895F26A2-18A5-483F-BF6C-3998EC8DB426}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{97549CAD-195C-4F07-BC8A-8BEC713E667A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A5D66E85-47E3-4140-8A5C-828408E4DB2F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AE161CFF-5D40-483E-ADC7-D0D14BB8EE44}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DDC20CB2-7B12-430E-8BDF-DA19919063BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE0393D8-69CA-4E6C-9D1D-40A9631568D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{9896AF06-FEF8-4562-99A5-6443A67F8C0A}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"TCP Query User{D7BD85C0-EC67-493F-9B7C-F89E7C7D18EF}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{E6182064-41CE-4F8D-B710-E03727558040}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FB17CC25-3C01-4227-A355-9111B272BA2D}C:\program files\spssinc\spss16\spss.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\spss16\spss.exe |
"UDP Query User{3FF9806B-6A6E-4184-A5A0-C27976048FFD}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"UDP Query User{569824CE-3710-4F11-8648-11491444F645}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{73E036C8-9C08-4EB0-851D-96AEF70D2753}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{760EE142-EEBF-4D04-8D97-FAF525FED6D3}C:\program files\spssinc\spss16\spss.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\spss16\spss.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A657E90-E2B7-44DE-8929-055948162595}" = SPSS 16.0
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A9AE3D-4FE0-45A8-93A5-A0F600171768}" = iPhoneBrowser
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Allok AVI to DVD SVCD VCD Converter_is1" = Allok AVI to DVD SVCD VCD Converter 3.2.0920
"AviSynth" = AviSynth 2.5
"BitZipper_is1" = BitZipper 5.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"PokerStars.net" = PokerStars.net
"PROHYBRIDR" = 2007 Microsoft Office system
"Startup Optimizer_is1" = Startup Optimizer 1.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Videora iPod Converter" = Videora iPod Converter 4.03
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.0.5
"ZC Video Converter_is1" = ZC Video Converter 1.7.3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/19/2009 5:53:10 AM | Computer Name = jbhifi-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 7/19/2009 5:53:11 AM | Computer Name = jbhifi-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 7/19/2009 5:53:11 AM | Computer Name = jbhifi-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 7/19/2009 6:54:19 AM | Computer Name = jbhifi-PC | Source = SPP | ID = 16387
Description =
Error - 7/19/2009 6:54:19 AM | Computer Name = jbhifi-PC | Source = System Restore | ID = 8193
Description =
Error - 7/19/2009 6:54:19 AM | Computer Name = jbhifi-PC | Source = System Restore | ID = 8210
Description =
Error - 7/20/2009 5:54:27 AM | Computer Name = jbhifi-PC | Source = SPP | ID = 16387
Description =
Error - 7/20/2009 5:54:27 AM | Computer Name = jbhifi-PC | Source = System Restore | ID = 8193
Description =
Error - 7/20/2009 5:54:36 AM | Computer Name = jbhifi-PC | Source = SPP | ID = 16387
Description =
Error - 7/20/2009 5:54:36 AM | Computer Name = jbhifi-PC | Source = System Restore | ID = 8193
Description =
[ OSession Events ]
Error - 6/28/2009 10:05:27 PM | Computer Name = jbhifi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = DCOM | ID = 10005
Description =
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2/12/2009 12:10:04 PM | Computer Name = jbhifi-PC | Source = DCOM | ID = 10010
Description =
Error - 2/12/2009 12:12:09 PM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 2/12/2009 12:15:00 PM | Computer Name = jbhifi-PC | Source = HTTP | ID = 15016
Description =
Error - 2/13/2009 7:31:49 PM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 2/14/2009 12:04:25 PM | Computer Name = jbhifi-PC | Source = DCOM | ID = 10010
Description =
< End of report >
Results of screen317's Security Check version 0.98.5
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 12
Java™ 6 Update 3
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe is disabled!
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Very random)
`````````End of Log```````````
Malwarebytes' Anti-Malware 1.39
Database version: 2510
Windows 6.0.6001 Service Pack 1
7/27/2009 9:12:45 PM
mbam-log-2009-07-27 (21-12-45).txt
Scan type: Quick Scan
Objects scanned: 87727
Time elapsed: 3 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\System32\hjgruivwqrpvpi.dll (Trojan.TDSS) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\System32\hjgruivwqrpvpi.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
thanks so much for your help.
here are my log files below:
OTL logfile created on: 7/27/2009 9:00:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\jb hifi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.22 Mb Total Physical Memory | 231.21 Mb Available Physical Memory | 22.82% Memory free
2.24 Gb Paging File | 1.16 Gb Available in Paging File | 51.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.37 Gb Total Space | 14.00 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JBHIFI-PC
Current User Name: jb hifi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2008/06/20 11:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008/09/10 12:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/10/29 16:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/21 12:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/02/05 13:24:36 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/02/05 13:24:18 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/05 13:24:28 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/05/27 20:58:39 | 02,815,408 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/02/05 13:24:32 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2006/10/05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/12/26 07:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/01/22 09:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/11/22 11:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2008/01/18 09:27:34 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/04 10:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2006/08/24 09:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/03/03 12:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/18 23:01:01 | 00,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008/10/29 16:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/27 20:58:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\jb hifi\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/09/10 12:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2006/10/05 14:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/28 04:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/12/26 07:07:14 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto | Running])
SRV - [2008/01/21 12:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 22:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 22:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/21 12:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 11:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2008/06/20 11:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/06/30 16:36:35 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [On_Demand | Stopped])
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/06/20 11:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/27 08:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2008/01/22 09:54:46 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
SRV - [2007/11/22 11:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2008/01/18 09:27:34 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV - [2007/12/04 10:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto | Running])
SRV - [2006/08/24 09:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2008/01/21 12:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 12:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2008/01/21 12:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/21 12:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/21 12:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/28 17:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 19:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/21 12:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/21 12:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 18:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 18:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 18:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 18:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 18:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 18:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 12:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/21 12:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 12:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/21 08:11:14 | 00,007,168 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\DRIVERS\FwLnk.sys -- (FwLnk [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/01/21 12:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/09/30 16:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/21 12:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2007/09/13 16:23:50 | 01,925,632 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 19:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/01/30 13:34:20 | 02,058,528 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 19:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 19:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/21 12:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/21 12:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 19:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 19:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 17:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/01/21 12:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/21 12:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/07/25 18:34:13 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2006/11/02 16:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\Windows\system32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/01/21 12:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/12/28 21:21:54 | 00,104,448 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2007/12/26 12:20:32 | 00,290,304 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\DRIVERS\RTL8187B.sys -- (RTL8187B [On_Demand | Running])
DRV - [2007/04/24 03:50:50 | 00,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\DRIVERS\rtlprot.sys -- (RtlProt [System | Running])
DRV - [2008/02/21 15:01:08 | 00,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2006/11/02 16:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 12:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 19:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 19:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 19:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/08/14 09:40:40 | 00,203,312 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/10/19 05:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2008/01/22 08:42:24 | 00,285,184 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32 [Boot | Running])
DRV - [2007/11/10 07:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV - [2008/01/21 12:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/12/18 04:45:20 | 00,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2008/01/21 12:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/21 12:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 F3 19 4B 48 08 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.8
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.34
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/29 13:08:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/26 16:55:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/26 16:55:54 | 00,000,000 | ---D | M]
[2008/07/21 05:29:34 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Extensions
[2008/07/21 05:29:34 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/26 14:33:32 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Firefox\Profiles\j0lbincq.default\extensions
[2008/12/19 20:58:50 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Firefox\Profiles\j0lbincq.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/06/29 13:12:36 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Firefox\Profiles\j0lbincq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/19 19:53:52 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\mozilla\Firefox\Profiles\j0lbincq.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/19 20:12:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/26 16:55:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/08 18:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/03 18:41:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/07 23:03:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/26 16:55:52 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/26 16:55:52 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/03/07 23:03:02 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/26 16:55:53 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/27 14:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 20:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/14 13:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/20 19:57:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/20 19:57:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/20 19:57:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/14 13:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/11/02 09:18:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/02 09:18:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/02 09:18:12 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/19 19:02:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/02 09:18:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/02 09:18:13 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.21.20.20 203.10.1.9
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34a366e0-5b3c-11dd-8cb4-001e333f1ef8}\Shell - "" = Autorun
O33 - MountPoints2\{34a366e0-5b3c-11dd-8cb4-001e333f1ef8}\Shell\Open\command - "" = RECYCLER\S-5-2-97-100010217-100022548-100032210-1513.com k:\
O33 - MountPoints2\{49cd2a53-3c64-11de-95c5-001e333f1ef8}\Shell\AutoRun\command - "" = E:\q9.cmd -- File not found
O33 - MountPoints2\{49cd2a53-3c64-11de-95c5-001e333f1ef8}\Shell\open\Command - "" = E:\q9.cmd -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[2009/07/27 20:58:36 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\jb hifi\Desktop\OTL.exe
[2009/07/27 20:58:23 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/27 20:57:50 | 00,000,744 | ---- | C] () -- C:\Users\jb hifi\Desktop\NTREGOPT.lnk
[2009/07/27 20:57:50 | 00,000,725 | ---- | C] () -- C:\Users\jb hifi\Desktop\ERUNT.lnk
[2009/07/27 20:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/27 20:57:13 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\Documents\Downloads
[2009/07/27 20:57:06 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Local\Adobe
[2009/07/27 20:51:25 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Local\Apple Computer
[2009/07/26 23:31:38 | 02,210,670 | -H-- | C] () -- C:\Users\jb hifi\AppData\Local\IconCache.db
[2009/07/26 23:31:33 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Users\jb hifi\Desktop\ATF-Cleaner.exe
[2009/07/26 23:09:12 | 10,632,15104 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/26 19:22:57 | 00,000,922 | ---- | C] () -- C:\Users\jb hifi\Desktop\mbamm - Shortcut.lnk
[2009/07/26 16:56:16 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/07/21 18:52:58 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/21 18:52:58 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/21 18:52:58 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/21 18:52:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/20 21:30:16 | 00,000,500 | ---- | C] () -- C:\Users\jb hifi\Desktop\Downloads - Shortcut.lnk
[2009/07/20 19:59:10 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/20 19:59:04 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/07/20 19:59:04 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/07/20 19:58:50 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/20 19:58:45 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/20 19:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/20 19:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/07/20 19:56:30 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/19 20:11:39 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Roaming\IDM
[2009/07/19 20:11:38 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Roaming\DMCache
[2009/07/19 20:11:32 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2009/07/19 16:58:10 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Roaming\BITS
[2009/07/19 16:58:10 | 00,000,000 | ---D | C] -- C:\profiles
[2009/07/19 16:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
[2009/07/19 15:41:33 | 00,000,000 | ---D | C] -- C:\ZCVideoConverter
[2009/07/19 15:40:21 | 00,000,853 | ---- | C] () -- C:\Users\jb hifi\Desktop\ZC Video Converter.lnk
[2009/07/19 15:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\ZC Video Converter
[2009/07/19 15:30:42 | 00,000,000 | ---D | C] -- C:\Users\jb hifi\AppData\Roaming\DVD Flick
[2009/07/19 15:30:20 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx
[2009/07/19 15:30:20 | 00,081,920 | ---- | C] (Marco Bellinaso) -- C:\Windows\System32\mbmouse.ocx
[2009/07/19 15:30:20 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon.ocx
[2009/07/19 15:30:19 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2009/07/11 13:19:32 | 00,343,040 | ---- | C] () -- C:\Users\jb hifi\Desktop\rand1107.xls
[2009/06/29 12:57:12 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/29 12:57:12 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/29 12:57:11 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/29 12:57:10 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/29 12:57:10 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/29 12:57:10 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/29 12:57:10 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/29 12:57:10 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/29 12:57:10 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/29 12:57:10 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/29 12:57:09 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/29 12:57:09 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/29 12:57:09 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/29 12:56:32 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/29 12:56:32 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/29 12:56:32 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/29 12:56:31 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/29 12:56:30 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/06/29 12:55:32 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/29 12:55:27 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/29 12:55:24 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/28 15:22:21 | 00,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003UA.job
[2009/06/28 15:22:11 | 00,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003Core.job
[2009/05/31 19:54:57 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/31 19:54:55 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/31 19:54:55 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/31 19:54:55 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/31 19:54:53 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/31 19:54:53 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/12/31 16:04:42 | 00,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/08/05 20:17:16 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/07/25 18:44:16 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/01 07:00:37 | 00,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/07/01 06:58:24 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/07/01 06:58:24 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/07/01 06:58:24 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/07/01 06:58:24 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/07/01 06:58:24 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/07/01 06:58:24 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/07/01 06:25:01 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/07/01 06:25:01 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/07/01 06:25:01 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/07/01 06:25:01 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/12 10:10:35 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 09:16:12 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/12 09:05:13 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/12 09:05:13 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/12 09:05:13 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/02/12 09:05:13 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/01/29 11:01:42 | 00,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/29 11:01:06 | 00,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/29 10:53:02 | 06,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/29 10:53:02 | 00,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/29 10:53:02 | 00,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/29 10:52:28 | 00,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006/11/02 22:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\*.tmp files]
[2009/07/27 20:58:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\jb hifi\Desktop\OTL.exe
[2009/07/27 20:57:50 | 00,000,744 | ---- | M] () -- C:\Users\jb hifi\Desktop\NTREGOPT.lnk
[2009/07/27 20:57:50 | 00,000,725 | ---- | M] () -- C:\Users\jb hifi\Desktop\ERUNT.lnk
[2009/07/27 20:50:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/27 20:50:19 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/27 20:50:19 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/27 20:50:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/27 20:49:54 | 10,632,15104 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/26 23:31:38 | 02,210,670 | -H-- | M] () -- C:\Users\jb hifi\AppData\Local\IconCache.db
[2009/07/26 23:27:00 | 00,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003UA.job
[2009/07/26 22:35:34 | 00,000,680 | ---- | M] () -- C:\Users\jb hifi\AppData\Local\d3d9caps.dat
[2009/07/26 19:22:57 | 00,000,922 | ---- | M] () -- C:\Users\jb hifi\Desktop\mbamm - Shortcut.lnk
[2009/07/26 17:51:48 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Users\jb hifi\Desktop\ATF-Cleaner.exe
[2009/07/26 15:27:01 | 00,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003Core.job
[2009/07/21 21:40:18 | 00,124,928 | ---- | M] () -- C:\Users\jb hifi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/21 20:38:45 | 00,398,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/20 21:30:16 | 00,000,500 | ---- | M] () -- C:\Users\jb hifi\Desktop\Downloads - Shortcut.lnk
[2009/07/20 19:59:10 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/19 15:40:21 | 00,000,853 | ---- | M] () -- C:\Users\jb hifi\Desktop\ZC Video Converter.lnk
[2009/07/18 23:27:39 | 00,002,063 | ---- | M] () -- C:\Users\jb hifi\Desktop\Google Chrome.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/11 13:19:38 | 00,343,040 | ---- | M] () -- C:\Users\jb hifi\Desktop\rand1107.xls
========== LOP Check ==========
[2009/07/19 20:11:39 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming
[2009/07/19 21:11:44 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\BITS
[2009/03/17 21:13:06 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\BitZipper
[2009/07/27 20:50:48 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\DMCache
[2009/07/19 15:30:42 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\DVD Flick
[2008/07/21 07:36:01 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\FlashGet
[2009/07/26 15:43:26 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\IDM
[2006/11/02 22:37:34 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\Media Center Programs
[2008/11/13 15:07:32 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\Red Kawa
[2009/03/06 00:46:37 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\toshiba
[2008/09/13 20:46:15 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\Ulead Systems
[2009/07/25 20:40:29 | 00,000,000 | ---D | M] -- C:\Users\jb hifi\AppData\Roaming\Vso
[2009/07/26 15:27:01 | 00,000,864 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003Core.job
[2009/07/26 23:27:00 | 00,000,916 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003UA.job
[2009/07/27 20:50:35 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/26 23:31:48 | 00,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 22528 bytes -> C:\Windows\System32\autochk.exe:BAK
< End of report >
OTL Extras logfile created on: 7/27/2009 9:00:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\jb hifi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.22 Mb Total Physical Memory | 231.21 Mb Available Physical Memory | 22.82% Memory free
2.24 Gb Paging File | 1.16 Gb Available in Paging File | 51.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.37 Gb Total Space | 14.00 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JBHIFI-PC
Current User Name: jb hifi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3561FD47-1FAA-4474-9249-215F7625E1DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DB1C425-6DB6-4447-A4EA-391FB55A55FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FDB8D6F1-C1F7-4297-A99E-A4ACD6C5807B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14C3311A-8FDB-42A9-9BE9-CE2F7553280B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{1C686C7C-7E45-428F-A207-FD508D85EBDC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42A5A85C-27A5-4E7E-A528-380EE13F23C0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{607DD15E-900B-4B2B-B88E-500276962E6A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{895F26A2-18A5-483F-BF6C-3998EC8DB426}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{97549CAD-195C-4F07-BC8A-8BEC713E667A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A5D66E85-47E3-4140-8A5C-828408E4DB2F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AE161CFF-5D40-483E-ADC7-D0D14BB8EE44}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DDC20CB2-7B12-430E-8BDF-DA19919063BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE0393D8-69CA-4E6C-9D1D-40A9631568D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{9896AF06-FEF8-4562-99A5-6443A67F8C0A}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"TCP Query User{D7BD85C0-EC67-493F-9B7C-F89E7C7D18EF}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{E6182064-41CE-4F8D-B710-E03727558040}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FB17CC25-3C01-4227-A355-9111B272BA2D}C:\program files\spssinc\spss16\spss.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\spss16\spss.exe |
"UDP Query User{3FF9806B-6A6E-4184-A5A0-C27976048FFD}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"UDP Query User{569824CE-3710-4F11-8648-11491444F645}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{73E036C8-9C08-4EB0-851D-96AEF70D2753}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{760EE142-EEBF-4D04-8D97-FAF525FED6D3}C:\program files\spssinc\spss16\spss.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\spss16\spss.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A657E90-E2B7-44DE-8929-055948162595}" = SPSS 16.0
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A9AE3D-4FE0-45A8-93A5-A0F600171768}" = iPhoneBrowser
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Allok AVI to DVD SVCD VCD Converter_is1" = Allok AVI to DVD SVCD VCD Converter 3.2.0920
"AviSynth" = AviSynth 2.5
"BitZipper_is1" = BitZipper 5.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"PokerStars.net" = PokerStars.net
"PROHYBRIDR" = 2007 Microsoft Office system
"Startup Optimizer_is1" = Startup Optimizer 1.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Videora iPod Converter" = Videora iPod Converter 4.03
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.0.5
"ZC Video Converter_is1" = ZC Video Converter 1.7.3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/19/2009 5:53:10 AM | Computer Name = jbhifi-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 7/19/2009 5:53:11 AM | Computer Name = jbhifi-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 7/19/2009 5:53:11 AM | Computer Name = jbhifi-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 7/19/2009 6:54:19 AM | Computer Name = jbhifi-PC | Source = SPP | ID = 16387
Description =
Error - 7/19/2009 6:54:19 AM | Computer Name = jbhifi-PC | Source = System Restore | ID = 8193
Description =
Error - 7/19/2009 6:54:19 AM | Computer Name = jbhifi-PC | Source = System Restore | ID = 8210
Description =
Error - 7/20/2009 5:54:27 AM | Computer Name = jbhifi-PC | Source = SPP | ID = 16387
Description =
Error - 7/20/2009 5:54:27 AM | Computer Name = jbhifi-PC | Source = System Restore | ID = 8193
Description =
Error - 7/20/2009 5:54:36 AM | Computer Name = jbhifi-PC | Source = SPP | ID = 16387
Description =
Error - 7/20/2009 5:54:36 AM | Computer Name = jbhifi-PC | Source = System Restore | ID = 8193
Description =
[ OSession Events ]
Error - 6/28/2009 10:05:27 PM | Computer Name = jbhifi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = DCOM | ID = 10005
Description =
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 2/11/2009 8:36:59 AM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2/12/2009 12:10:04 PM | Computer Name = jbhifi-PC | Source = DCOM | ID = 10010
Description =
Error - 2/12/2009 12:12:09 PM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 2/12/2009 12:15:00 PM | Computer Name = jbhifi-PC | Source = HTTP | ID = 15016
Description =
Error - 2/13/2009 7:31:49 PM | Computer Name = jbhifi-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 2/14/2009 12:04:25 PM | Computer Name = jbhifi-PC | Source = DCOM | ID = 10010
Description =
< End of report >
Results of screen317's Security Check version 0.98.5
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 12
Java™ 6 Update 3
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe is disabled!
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Very random)
`````````End of Log```````````
Malwarebytes' Anti-Malware 1.39
Database version: 2510
Windows 6.0.6001 Service Pack 1
7/27/2009 9:12:45 PM
mbam-log-2009-07-27 (21-12-45).txt
Scan type: Quick Scan
Objects scanned: 87727
Time elapsed: 3 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\System32\hjgruivwqrpvpi.dll (Trojan.TDSS) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\System32\hjgruivwqrpvpi.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
#4
Posted 27 July 2009 - 02:38 PM
-
- Moderators
-
- 4,241 posts
Eradicator de logiciels malveillants
- Gender:Male
- Location:USA
- Interests:Security, Windows, Windows Update, malware prevention
Hello Mick,
You will want to print out or copy these instructions to Notepad for offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not mick23 and have a similar problem, do NOT post here; start your own topic
Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.
Have infinite patience while any of these are running (especially with Combofix below)
Do NOT do any websurfing; nor play online games.
Only go to websites I guide you to and to this forum.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
If you have a prior copy of Combofix, delete it now !
Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.
Link 1
Link 2
Link 3
* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
IF you should see a message like this:
then, be sure to write down fully and also copy that into your next reply here and then await for my response.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=
Next, Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.
Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2510 or later. The latest program version is 1.39 (released July 13)
When done, click the Scanner tab.
Do a Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
=
RE-Enable your AntiVirus and AntiSpyware applications.
Reply with copy of C:\Combofix.txt
& the new (latest) MBAM scan log
& tell me, How is your system now ?
You will want to print out or copy these instructions to Notepad for offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not mick23 and have a similar problem, do NOT post here; start your own topic
Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.
Have infinite patience while any of these are running (especially with Combofix below)
Do NOT do any websurfing; nor play online games.
Only go to websites I guide you to and to this forum.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
If you have a prior copy of Combofix, delete it now !
Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.
Link 1
Link 2
Link 3
* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- RIGHT click on Combo-Fix.exe and select Run as Administrator & follow the prompts.
IF you should see a message like this:
then, be sure to write down fully and also copy that into your next reply here and then await for my response.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=
Next, Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.
Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2510 or later. The latest program version is 1.39 (released July 13)
When done, click the Scanner tab.
Do a Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
=
RE-Enable your AntiVirus and AntiSpyware applications.
Reply with copy of C:\Combofix.txt
& the new (latest) MBAM scan log
& tell me, How is your system now ?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
MS-MVP (Oct 2002 - Sept 2010)
#5
Posted 29 July 2009 - 11:00 AM
-
- Members
-
- 3 posts
New Member
HI Maurice,
System is much better now. thanks so much for your help.
logs below:
ComboFix 09-07-28.04 - jb hifi 07/29/2009 20:39.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.338 [GMT 10:00]
Running from: c:\users\jb hifi\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\users\jb hifi\AppData\Roaming\BITS
c:\users\jb hifi\AppData\Roaming\BITS\BITS.ini
c:\users\jb hifi\AppData\Roaming\BITS\DHTTable.dat
c:\users\jb hifi\AppData\Roaming\BITS\ProxyList.ini
c:\users\jb hifi\AppData\Roaming\inst.exe
c:\windows\Installer\799baa.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\hjgruidcsopyvt.sys
c:\windows\system32\hjgruinpgukesd.dat
c:\windows\system32\hjgruiqtykimye.dll
c:\windows\system32\hjgruivwqrpvpi.dll
c:\windows\system32\hjgruixqxxetic.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruihoibentr
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.
2009-07-29 10:47 . 2009-07-29 10:48 -------- d-----w- c:\users\jb hifi\AppData\Local\temp
2009-07-29 10:30 . 2009-07-29 10:30 -------- d-----w- c:\users\jb hifi\AppData\Local\Apple
2009-07-29 10:12 . 2009-07-29 10:12 -------- d-----w- c:\users\jb hifi\AppData\Local\Apple Computer
2009-07-27 10:57 . 2009-07-27 10:57 -------- d-----w- c:\program files\ERUNT
2009-07-26 06:56 . 2009-07-26 11:36 -------- d-----w- c:\programdata\avg8
2009-07-21 08:52 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 08:52 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 08:52 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-21 08:52 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-20 09:59 . 2009-03-19 06:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-20 09:59 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-20 09:58 . 2009-07-20 09:58 -------- d-----w- c:\program files\iPod
2009-07-20 09:58 . 2009-07-20 09:59 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-20 09:58 . 2009-07-20 09:59 -------- d-----w- c:\program files\iTunes
2009-07-20 09:57 . 2009-07-20 09:57 -------- d-----w- c:\program files\Bonjour
2009-07-20 09:56 . 2009-07-20 09:57 -------- d-----w- c:\program files\QuickTime
2009-07-20 09:48 . 2009-07-20 09:48 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-19 10:11 . 2009-07-19 10:11 198064 ----a-w- c:\users\jb hifi\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-19 10:11 . 2009-07-27 11:03 -------- d-----w- c:\users\jb hifi\AppData\Roaming\IDM
2009-07-19 10:11 . 2009-07-29 10:31 -------- d-----w- c:\users\jb hifi\AppData\Roaming\DMCache
2009-07-19 10:11 . 2009-07-19 10:11 -------- d-----w- c:\program files\Internet Download Manager
2009-07-19 06:58 . 2009-07-19 06:58 -------- d-----w- C:\profiles
2009-07-19 05:41 . 2009-07-19 06:32 -------- d-----w- C:\ZCVideoConverter
2009-07-19 05:40 . 2009-07-19 06:43 -------- d-----w- c:\program files\ZC Video Converter
2009-07-19 05:30 . 2009-07-19 05:30 -------- d-----w- c:\users\jb hifi\AppData\Roaming\DVD Flick
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 11:27 . 2009-05-09 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 12:35 . 2008-06-30 20:22 680 ----a-w- c:\users\jb hifi\AppData\Local\d3d9caps.dat
2009-07-26 11:32 . 2008-07-20 21:35 -------- d-----w- c:\program files\FlashGet
2009-07-26 09:00 . 2009-05-09 11:42 3775175 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-25 10:40 . 2008-07-25 08:34 -------- d-----w- c:\users\jb hifi\AppData\Roaming\Vso
2009-07-21 09:20 . 2008-02-12 00:44 -------- d-----w- c:\programdata\Microsoft Help
2009-07-20 09:58 . 2008-07-20 22:05 -------- d-----w- c:\program files\Common Files\Apple
2009-07-13 03:36 . 2009-05-09 11:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 03:36 . 2009-05-09 11:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 09:56 . 2009-05-31 09:55 -------- d-----w- c:\users\jb hifi\AppData\Roaming\Media Player Classic
2009-05-31 09:54 . 2009-05-31 09:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-31 09:26 . 2009-05-31 09:26 -------- d-----w- c:\program files\Common Files\SourceTec
2009-05-31 09:26 . 2009-05-31 09:26 -------- d-----w- c:\program files\SourceTec
2009-05-16 03:32 . 2008-06-30 20:22 113176 ----a-w- c:\users\jb hifi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-11 12:24 . 2008-07-28 10:27 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-05-09 05:50 . 2009-06-29 02:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-29 02:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-30 12:37 . 2009-06-29 02:56 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-29 02:56 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-26 06:55 . 2008-07-20 19:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"NDSTray.exe"=NDSTray.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"RtHDVCpl"=RtHDVCpl.exe
"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Skytel"=Skytel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FDB8D6F1-C1F7-4297-A99E-A4ACD6C5807B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{D7BD85C0-EC67-493F-9B7C-F89E7C7D18EF}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{569824CE-3710-4F11-8648-11491444F645}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{FB17CC25-3C01-4227-A355-9111B272BA2D}c:\\program files\\spssinc\\spss16\\spss.exe"= UDP:c:\program files\spssinc\spss16\spss.exe:SPSS
"UDP Query User{760EE142-EEBF-4D04-8D97-FAF525FED6D3}c:\\program files\\spssinc\\spss16\\spss.exe"= TCP:c:\program files\spssinc\spss16\spss.exe:SPSS
"{AE161CFF-5D40-483E-ADC7-D0D14BB8EE44}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{895F26A2-18A5-483F-BF6C-3998EC8DB426}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{607DD15E-900B-4B2B-B88E-500276962E6A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DE0393D8-69CA-4E6C-9D1D-40A9631568D0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E6182064-41CE-4F8D-B710-E03727558040}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{73E036C8-9C08-4EB0-851D-96AEF70D2753}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9896AF06-FEF8-4562-99A5-6443A67F8C0A}c:\\program files\\flashget network\\flashget universal\\flashget.exe"= UDP:c:\program files\flashget network\flashget universal\flashget.exe:flashget
"UDP Query User{3FF9806B-6A6E-4184-A5A0-C27976048FFD}c:\\program files\\flashget network\\flashget universal\\flashget.exe"= TCP:c:\program files\flashget network\flashget universal\flashget.exe:flashget
"{1C686C7C-7E45-428F-A207-FD508D85EBDC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DDC20CB2-7B12-430E-8BDF-DA19919063BB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A5D66E85-47E3-4140-8A5C-828408E4DB2F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{97549CAD-195C-4F07-BC8A-8BEC713E667A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [7/1/2008 7:00 AM 25896]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 5:50 PM 30312]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [12/26/2007 7:07 AM 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/4/2007 10:03 AM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/12/2008 10:52 AM 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [7/1/2008 6:25 AM 290304]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003Core.job
- c:\users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-13 05:04]
2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003UA.job
- c:\users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-13 05:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\users\jb hifi\AppData\Roaming\Mozilla\Firefox\Profiles\j0lbincq.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\users\jb hifi\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\jb hifi\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 20:48
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-07-29 20:51
ComboFix-quarantined-files.txt 2009-07-29 10:51
Pre-Run: 14,708,883,456 bytes free
Post-Run: 14,667,034,624 bytes free
202 --- E O F --- 2009-07-21 09:21
Malwarebytes' Anti-Malware 1.39
Database version: 2510
Windows 6.0.6001 Service Pack 1
7/29/2009 8:58:24 PM
mbam-log-2009-07-29 (20-58-24).txt
Scan type: Quick Scan
Objects scanned: 86392
Time elapsed: 4 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
System is much better now. thanks so much for your help.
logs below:
ComboFix 09-07-28.04 - jb hifi 07/29/2009 20:39.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.338 [GMT 10:00]
Running from: c:\users\jb hifi\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\users\jb hifi\AppData\Roaming\BITS
c:\users\jb hifi\AppData\Roaming\BITS\BITS.ini
c:\users\jb hifi\AppData\Roaming\BITS\DHTTable.dat
c:\users\jb hifi\AppData\Roaming\BITS\ProxyList.ini
c:\users\jb hifi\AppData\Roaming\inst.exe
c:\windows\Installer\799baa.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\hjgruidcsopyvt.sys
c:\windows\system32\hjgruinpgukesd.dat
c:\windows\system32\hjgruiqtykimye.dll
c:\windows\system32\hjgruivwqrpvpi.dll
c:\windows\system32\hjgruixqxxetic.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruihoibentr
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.
2009-07-29 10:47 . 2009-07-29 10:48 -------- d-----w- c:\users\jb hifi\AppData\Local\temp
2009-07-29 10:30 . 2009-07-29 10:30 -------- d-----w- c:\users\jb hifi\AppData\Local\Apple
2009-07-29 10:12 . 2009-07-29 10:12 -------- d-----w- c:\users\jb hifi\AppData\Local\Apple Computer
2009-07-27 10:57 . 2009-07-27 10:57 -------- d-----w- c:\program files\ERUNT
2009-07-26 06:56 . 2009-07-26 11:36 -------- d-----w- c:\programdata\avg8
2009-07-21 08:52 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 08:52 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 08:52 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-21 08:52 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-20 09:59 . 2009-03-19 06:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-20 09:59 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-20 09:58 . 2009-07-20 09:58 -------- d-----w- c:\program files\iPod
2009-07-20 09:58 . 2009-07-20 09:59 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-20 09:58 . 2009-07-20 09:59 -------- d-----w- c:\program files\iTunes
2009-07-20 09:57 . 2009-07-20 09:57 -------- d-----w- c:\program files\Bonjour
2009-07-20 09:56 . 2009-07-20 09:57 -------- d-----w- c:\program files\QuickTime
2009-07-20 09:48 . 2009-07-20 09:48 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-19 10:11 . 2009-07-19 10:11 198064 ----a-w- c:\users\jb hifi\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-19 10:11 . 2009-07-27 11:03 -------- d-----w- c:\users\jb hifi\AppData\Roaming\IDM
2009-07-19 10:11 . 2009-07-29 10:31 -------- d-----w- c:\users\jb hifi\AppData\Roaming\DMCache
2009-07-19 10:11 . 2009-07-19 10:11 -------- d-----w- c:\program files\Internet Download Manager
2009-07-19 06:58 . 2009-07-19 06:58 -------- d-----w- C:\profiles
2009-07-19 05:41 . 2009-07-19 06:32 -------- d-----w- C:\ZCVideoConverter
2009-07-19 05:40 . 2009-07-19 06:43 -------- d-----w- c:\program files\ZC Video Converter
2009-07-19 05:30 . 2009-07-19 05:30 -------- d-----w- c:\users\jb hifi\AppData\Roaming\DVD Flick
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 11:27 . 2009-05-09 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 12:35 . 2008-06-30 20:22 680 ----a-w- c:\users\jb hifi\AppData\Local\d3d9caps.dat
2009-07-26 11:32 . 2008-07-20 21:35 -------- d-----w- c:\program files\FlashGet
2009-07-26 09:00 . 2009-05-09 11:42 3775175 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-25 10:40 . 2008-07-25 08:34 -------- d-----w- c:\users\jb hifi\AppData\Roaming\Vso
2009-07-21 09:20 . 2008-02-12 00:44 -------- d-----w- c:\programdata\Microsoft Help
2009-07-20 09:58 . 2008-07-20 22:05 -------- d-----w- c:\program files\Common Files\Apple
2009-07-13 03:36 . 2009-05-09 11:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 03:36 . 2009-05-09 11:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-31 09:56 . 2009-05-31 09:55 -------- d-----w- c:\users\jb hifi\AppData\Roaming\Media Player Classic
2009-05-31 09:54 . 2009-05-31 09:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-31 09:26 . 2009-05-31 09:26 -------- d-----w- c:\program files\Common Files\SourceTec
2009-05-31 09:26 . 2009-05-31 09:26 -------- d-----w- c:\program files\SourceTec
2009-05-16 03:32 . 2008-06-30 20:22 113176 ----a-w- c:\users\jb hifi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-11 12:24 . 2008-07-28 10:27 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-05-09 05:50 . 2009-06-29 02:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-29 02:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-30 12:37 . 2009-06-29 02:56 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-29 02:56 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-26 06:55 . 2008-07-20 19:29 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"NDSTray.exe"=NDSTray.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"RtHDVCpl"=RtHDVCpl.exe
"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Skytel"=Skytel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FDB8D6F1-C1F7-4297-A99E-A4ACD6C5807B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{D7BD85C0-EC67-493F-9B7C-F89E7C7D18EF}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{569824CE-3710-4F11-8648-11491444F645}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{FB17CC25-3C01-4227-A355-9111B272BA2D}c:\\program files\\spssinc\\spss16\\spss.exe"= UDP:c:\program files\spssinc\spss16\spss.exe:SPSS
"UDP Query User{760EE142-EEBF-4D04-8D97-FAF525FED6D3}c:\\program files\\spssinc\\spss16\\spss.exe"= TCP:c:\program files\spssinc\spss16\spss.exe:SPSS
"{AE161CFF-5D40-483E-ADC7-D0D14BB8EE44}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{895F26A2-18A5-483F-BF6C-3998EC8DB426}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{607DD15E-900B-4B2B-B88E-500276962E6A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DE0393D8-69CA-4E6C-9D1D-40A9631568D0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E6182064-41CE-4F8D-B710-E03727558040}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{73E036C8-9C08-4EB0-851D-96AEF70D2753}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9896AF06-FEF8-4562-99A5-6443A67F8C0A}c:\\program files\\flashget network\\flashget universal\\flashget.exe"= UDP:c:\program files\flashget network\flashget universal\flashget.exe:flashget
"UDP Query User{3FF9806B-6A6E-4184-A5A0-C27976048FFD}c:\\program files\\flashget network\\flashget universal\\flashget.exe"= TCP:c:\program files\flashget network\flashget universal\flashget.exe:flashget
"{1C686C7C-7E45-428F-A207-FD508D85EBDC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DDC20CB2-7B12-430E-8BDF-DA19919063BB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A5D66E85-47E3-4140-8A5C-828408E4DB2F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{97549CAD-195C-4F07-BC8A-8BEC713E667A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [7/1/2008 7:00 AM 25896]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 5:50 PM 30312]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [12/26/2007 7:07 AM 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/4/2007 10:03 AM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/12/2008 10:52 AM 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [7/1/2008 6:25 AM 290304]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003Core.job
- c:\users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-13 05:04]
2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718830-72736861-2833422223-1003UA.job
- c:\users\jb hifi\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-13 05:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\users\jb hifi\AppData\Roaming\Mozilla\Firefox\Profiles\j0lbincq.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\users\jb hifi\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\jb hifi\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 20:48
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-07-29 20:51
ComboFix-quarantined-files.txt 2009-07-29 10:51
Pre-Run: 14,708,883,456 bytes free
Post-Run: 14,667,034,624 bytes free
202 --- E O F --- 2009-07-21 09:21
Malwarebytes' Anti-Malware 1.39
Database version: 2510
Windows 6.0.6001 Service Pack 1
7/29/2009 8:58:24 PM
mbam-log-2009-07-29 (20-58-24).txt
Scan type: Quick Scan
Objects scanned: 86392
Time elapsed: 4 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#6
Posted 30 July 2009 - 12:28 AM
-
- Moderators
-
- 4,241 posts
Eradicator de logiciels malveillants
- Gender:Male
- Location:USA
- Interests:Security, Windows, Windows Update, malware prevention
The rootkit is gone now. You are good to go after this.
Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you should un-install it. Go to Control Panel and Add-or-Remove programs.
Look for it and click the line for it. Select Change/Remove to de-install it.
OK & Exit out of Control Panel
I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.
The following few steps will remove tools we used; followed by advice on staying safer.
We have to remove Combofix and all its associated folders.
By whichever name you named it, ( you had named it combo-fix
), put that name in the RUN box stated just below.
The "/u" in the Run line below is to start Combofix for it's cleanup & removal function.
Note the space after x and before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you should un-install it. Go to Control Panel and Add-or-Remove programs.
Look for it and click the line for it. Select Change/Remove to de-install it.
OK & Exit out of Control Panel
I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.
The following few steps will remove tools we used; followed by advice on staying safer.
We have to remove Combofix and all its associated folders.
By whichever name you named it, ( you had named it combo-fix
), put that name in the RUN box stated just below. The "/u" in the Run line below is to start Combofix for it's cleanup & removal function.
Note the space after x and before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
- Click Start, then click Run.
In the command box that opens, type or copy/paste combo-fix /u and then click OK.
- Please Right-click OTL.exe
and select Run As Administrator to start it. - Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
- This step removes the files, folders, and shortcuts created by the tools I had you download and run.
- Run Disk Cleanup with the System Restore Cleanup as outlined here by Bert Kinney, MS MVP
http://bertk.mvps.or...skcleanupv.html
- You may reset your Windows Explorer {My Computer} Folder Options > VIEW settings back to where they had been before. {under hidden files & folders to not show hidden or system files -and- to "hide protected operating system files" }
- Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
- Check in at Windows Update and install any Critical Updates offered.
- Download and Install Windows Defender by Microsoft (free) if you do not already have it:
http://www.microsoft.com/downloads/details...A4-F7F14E605A0D
- Make certain that Automatic Updates is enabled.
- Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)
- I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
- Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
Kaspersky Webscan Online Virus Scanner
ESET Online Scanner
Panda ActiveScan
Trend Micro Housecall
F-Secure Online Scanner
- Read Tony Klein's article How Did I Get Infected In The First Place
- Never, ever download free games, free tools, smileys, or anything free unless you can be absolutely sure the source is safe !
Finally, spend some time reading about how to keep your computer safe on the Internet: http://www.bleepingc...tutorial82.html
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
MS-MVP (Oct 2002 - Sept 2010)
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
