D. Elliot

  1. Ok, here are the results:

     Results of screen317's Security Check version 0.99.5
     Windows 7 (UAC is disabled!)
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     avast! Internet Security
     AVG Free 9.0
     Norton Internet Security
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     TuneUp Companion 1.5.11
     Java 6 Update 14
     Out of date Java installed!
     Adobe Flash Player 9.0.124.0
     Adobe Reader 9.3.4
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     AVG avgwdsvc.exe
     AVG avgtray.exe
     AVG avgrsx.exe
     AVG avgnsx.exe
     AVG avgemc.exe
     Alwil Software Avast5 AvastSvc.exe
     Alwil Software Avast5 afwServ.exe
     Alwil Software Avast5 AvastUI.exe
     ````````````````````````````````
     DNS Vulnerability Check:
     Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)
     ``````````End of Log````````````
  2. Ok, it looks like everything is clear. Here's the log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4616
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     14/09/2010 4:50:50 PM
     mbam-log-2010-09-14 (16-50-50).txt
     Scan type: Quick scan
     Objects scanned: 140898
     Time elapsed: 7 minute(s), 29 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
  3. Hi, I've deleted the folder, should I do another scan to be sure? And again, thank you so much!! An infected computer is probably not the best way to begin the school year.
  4. Hi, I still don't see the file. Could it still be elsewhere?
  5. I just followed through with the other instructions in regards to HTJ. Here are the results: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:25:28 PM, on 14/09/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\System32\rundll32.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\ltmoh.exe C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe C:\Program Files\TOSHIBA\TECO\TEco.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\windows\system32\igfxext.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\taskeng.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program 
Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - 
HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Program Files\LSI SoftModem\agrsmsvc.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! 
Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- End of file - 10907 bytes
  6. Hi, I've checked my control panel/programs and I don't see the 'application updater.'
  7. Hi, Here are the results (fingers crossed) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:36:57 PM, on 14/09/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\windows\system32\Dwm.exe C:\windows\system32\taskhost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ltmoh\ltmoh.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe C:\Program Files\TOSHIBA\TECO\TEco.exe C:\windows\system32\igfxext.exe C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\windows\Explorer.exe C:\windows\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AVG\AVG9\avgui.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - 
HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\win.exe O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\system.exe O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\cmd.exe O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\win.exe O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\system.exe O4 - HKCU\..\Run: 
[Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Program Files\LSI SoftModem\agrsmsvc.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. 
- C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- End of file - 11741 bytes
  8. Hi, Here are the results: ComboFix 10-09-14.01 - Day Bduard 14/09/2010 13:17:42.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2909.1736 [GMT -4:00] Running from: c:\users\Day Bduard\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\IE\4.0.2\config.ini c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\WidgiHelper.exe c:\program files\Search Settings c:\program files\Search Settings\SeARchsettings.dll c:\program files\Search Settings\SearchSettings.exe c:\program files\Search Settings\SearchSettingsRes409.dll Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - 
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe Infected copy of c:\windows\System32\wininit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe . ((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 ))))))))))))))))))))))))))))))) . 2010-09-14 17:51 . 2010-09-14 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-14 17:51 . 2010-09-14 17:51 -------- d-----w- c:\users\Day Bduard\AppData\Local\temp 2010-09-14 15:55 . 2010-09-14 15:55 -------- d-----w- c:\program files\Trend Micro 2010-09-14 02:39 . 2010-09-14 02:49 -------- d-----w- c:\program files\Microsoft Windows OneCare Live 2010-09-14 00:08 . 2010-09-14 00:08 -------- d-----w- C:\avrescue 2010-09-13 21:10 . 2010-09-13 21:10 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\Avira 2010-09-13 21:05 . 2010-09-13 21:05 -------- d-----w- c:\programdata\Avira 2010-09-13 21:05 . 2010-09-13 21:05 -------- d-----w- c:\program files\Avira 2010-09-12 19:53 . 2010-09-14 04:03 -------- d-----w- C:\Converted Video Files 2010-09-12 18:34 . 2010-09-12 18:34 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\Malwarebytes 2010-09-12 18:33 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-12 18:33 . 2010-09-12 18:33 -------- d-----w- c:\programdata\Malwarebytes 2010-09-12 18:33 . 2010-09-14 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-12 18:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-12 05:04 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-09-12 05:04 . 
2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-09-12 05:04 . 2010-09-07 14:54 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys 2010-09-12 05:04 . 2010-09-07 14:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2010-09-12 05:03 . 2010-09-07 14:53 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2010-09-12 05:03 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-09-12 05:03 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-09-12 05:03 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-09-12 05:03 . 2010-09-07 14:24 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2010-09-12 05:03 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr 2010-09-12 05:03 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-09-12 05:03 . 2010-09-12 05:03 -------- d-----w- c:\programdata\Alwil Software 2010-09-12 05:03 . 2010-09-12 05:03 -------- d-----w- c:\program files\Alwil Software 2010-09-10 21:02 . 2010-09-10 21:02 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\SUPERAntiSpyware.com 2010-09-10 21:02 . 2010-09-10 21:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-09-09 17:02 . 2010-09-09 17:02 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\HPAppData 2010-09-08 04:36 . 2010-09-09 01:11 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\dvdcss 2010-09-07 04:21 . 2010-09-07 04:21 -------- d-----w- c:\program files\iPod 2010-09-07 04:21 . 2010-09-07 04:22 -------- d-----w- c:\program files\iTunes 2010-08-26 01:17 . 2010-08-26 01:17 -------- d-----w- c:\program files\Application Updater 2010-08-26 01:16 . 2010-07-23 06:37 311296 ----a-w- c:\windows\system32\TubeFinder.exe 2010-08-26 01:16 . 2009-06-19 23:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL 2010-08-26 01:16 . 2009-06-19 23:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-08-26 01:16 . 
2010-08-26 01:16 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\FreeFLVConverter 2010-08-26 01:16 . 2010-08-26 01:16 -------- d-----w- c:\program files\Free FLV Converter 2010-08-26 01:16 . 2009-06-19 23:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL 2010-08-26 01:16 . 2009-06-19 23:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL 2010-08-26 01:16 . 2009-06-19 23:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL 2010-08-26 00:59 . 2010-08-26 01:09 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\Any Flv Converter 2010-08-26 00:59 . 2010-08-26 01:09 -------- d-----w- c:\program files\Any Flv Converter 2010-08-22 15:28 . 2010-08-22 15:28 -------- d-----w- c:\program files\QuickTime 2010-08-20 20:50 . 2010-08-20 22:02 -------- d-----w- c:\program files\Total Video Converter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-14 15:04 . 2009-11-01 21:50 468493 ----a-w- c:\windows\hpoins37.dat 2010-09-14 04:16 . 2009-10-29 09:39 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\Azureus 2010-09-14 04:15 . 2009-11-15 17:57 -------- d-----w- c:\programdata\Yahoo! Companion 2010-09-12 04:47 . 2009-11-26 18:05 -------- d-----w- c:\programdata\avg9 2010-09-11 18:13 . 2009-10-30 11:00 -------- d-----w- c:\users\Day Bduard\AppData\Roaming\vlc 2010-09-11 03:14 . 2009-08-20 23:23 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-07 04:21 . 2009-10-28 18:48 -------- d-----w- c:\program files\Common Files\Apple 2010-09-01 18:58 . 2009-10-29 09:37 -------- d-----w- c:\program files\Vuze 2010-08-26 01:25 . 2009-11-26 18:06 -------- d-----w- c:\programdata\AVG Security Toolbar 2010-08-20 20:53 . 2009-10-28 16:20 96536 ----a-w- c:\users\Day Bduard\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-12 02:46 . 2009-10-28 15:50 -------- d-----w- c:\program files\Microsoft Works 2010-08-12 02:43 . 2009-10-28 15:51 -------- d-----w- c:\programdata\Microsoft Help 2010-08-08 19:58 . 
2009-11-04 21:44 -------- d-----w- c:\program files\Safari 2010-08-02 05:08 . 2010-01-12 20:51 -------- d-----w- c:\program files\DoremiSoft 2010-07-29 06:30 . 2010-08-11 23:13 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30 . 2010-08-11 23:13 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-15 20:47 . 2009-11-26 18:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-15 20:47 . 2010-07-15 20:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 20:46 . 2009-11-26 18:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-06-30 06:25 . 2010-08-11 23:13 978432 ----a-w- c:\windows\system32\wininet.dll 2010-06-22 02:47 . 2010-08-11 23:13 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-22 02:47 . 2010-08-11 23:13 307200 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-06-22 02:47 . 2010-08-11 23:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-06-19 06:33 . 2010-08-11 23:13 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-06-19 06:33 . 2010-08-11 23:13 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-19 06:23 . 2010-08-11 23:13 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-06-19 04:07 . 2010-08-11 23:13 2326016 ----a-w- c:\windows\system32\win32k.sys 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704] "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell] @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}" [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}] 2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080] "SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840] "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 
1294136] "TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672] "TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648] "TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792] "TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv R2 avast! Firewall;avast! 
Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1343400] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312] S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928] S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-10 464264] S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-10 234888] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] 
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:16] 2010-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 04:16] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll HKCU-Run-Uquxe - c:\windows\system.exe HKCU-Run-UqqZ - c:\windows\cmd.exe HKCU-Run-Uqva - c:\windows\win.exe HKCU-Run-Uqpe - c:\windows\avp.exe HKCU-Run-Mquxe - c:\windows\system.exe HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe HKLM-Run-Mquxe - c:\windows\system.exe AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000020 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\sppsvc.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\windows\system32\igfxext.exe c:\program files\AVG\AVG9\avgtray.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnscfg.exe . ************************************************************************** . Completion time: 2010-09-14 14:06:38 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-14 18:06 Pre-Run: 360,252,047,360 bytes free Post-Run: 361,870,483,456 bytes free - - End Of File - - B9E5B8D773CF25E08DEE43BF03D1F157
  9. Ok, I checked and I am the 32 type. Here are the results from Hijackthis:
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 11:55:57 AM, on 14/09/2010
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v8.00 (8.00.7600.16385)
     Boot mode: Normal
     Running processes:
     C:\windows\system32\taskhost.exe
     C:\windows\system32\Dwm.exe
     C:\windows\Explorer.EXE
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\windows\system32\igfxsrvc.exe
     C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
     C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
     C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
     C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\ltmoh\ltmoh.exe
     C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
     C:\Program Files\TOSHIBA\TECO\TEco.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
     C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
     C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
     C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
     C:\Program Files\HP\HP Software Update\hpwuschd2.exe
     C:\Program Files\AVG\AVG9\avgtray.exe
     C:\Program Files\Search Settings\SearchSettings.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Alwil Software\Avast5\AvastUI.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\windows\system32\igfxext.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\windows\system32\taskeng.exe
     C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
     C:\Program Files\Windows Live\Contacts\wlcomm.exe
     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\windows\helppane.exe
     C:\windows\system32\SearchFilterHost.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
     O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
     O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
     O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
     O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
     O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
     O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
     O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
     O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
     O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
     O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
     O4 - HKLM\..\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
     O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
     O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
     O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
     O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
     O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
     O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
     O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
     O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [LvOWPiejlspS] C:\Users\DAYBDU~1\AppData\Local\Temp\osumdrbts4.exe
     O4 - HKLM\..\Run: [LvOWPiejlq+] C:\Users\DAYBDU~1\AppData\Local\Temp\liz27b.exe
     O4 - HKLM\..\Run: [LvOWPiejloOmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\DAYBDU~1\AppData\Local\Temp\izd6as.exe
     O4 - HKLM\..\Run: [LveOkZkfgotc] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe
     O4 - HKLM\..\Run: [LveOkZkfgpZ] C:\Users\Day Bduard\AppData\Local\Temp\mdm.exe
     O4 - HKLM\..\Run: [LveOkZkfgnsc] C:\Users\Day Bduard\AppData\Local\Temp\drweb.exe
     O4 - HKLM\..\Run: [LveOkZkfgouqc] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe
     O4 - HKLM\..\Run: [LveOkZkfgsre] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe
     O4 - HKLM\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe
     O4 - HKLM\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe
     O4 - HKLM\..\Run: [LveOkZkfgouqcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe
     O4 - HKLM\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [LveOkZkfgsre(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe
     O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
     O4 - HKLM\..\Run: [Mquxe] C:\Windows\system.exe
     O4 - HKLM\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [LvOWPiejlspS] C:\Users\DAYBDU~1\AppData\Local\Temp\osumdrbts4.exe
     O4 - HKCU\..\Run: [LvOWPiejlq+] C:\Users\DAYBDU~1\AppData\Local\Temp\liz27b.exe
     O4 - HKCU\..\Run: [LvOWPiejloOmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\DAYBDU~1\AppData\Local\Temp\izd6as.exe
     O4 - HKCU\..\Run: [LvOWPiejlotc] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe
     O4 - HKCU\..\Run: [uquxe] C:\windows\system.exe
     O4 - HKCU\..\Run: [LvOWPiejlmc] C:\Users\DAYBDU~1\AppData\Local\Temp\mdm.exe
     O4 - HKCU\..\Run: [LvOWPiejlqW] C:\Users\DAYBDU~1\AppData\Local\Temp\drweb.exe
     O4 - HKCU\..\Run: [uqqZ] C:\windows\cmd.exe
     O4 - HKCU\..\Run: [LvOWPiejlora] C:\Users\DAYBDU~1\AppData\Local\Temp\iexplarer.exe
     O4 - HKCU\..\Run: [LvOWPiejlqvc] C:\Users\DAYBDU~1\AppData\Local\Temp\wininst.exe
     O4 - HKCU\..\Run: [uqva] C:\windows\win.exe
     O4 - HKCU\..\Run: [uqpe] C:\windows\avp.exe
     O4 - HKCU\..\Run: [LvOWPiejlotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe
     O4 - HKCU\..\Run: [LvOWPiejlotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe
     O4 - HKCU\..\Run: [LveOkZkfgotc] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe
     O4 - HKCU\..\Run: [Mquxe] C:\Windows\system.exe
     O4 - HKCU\..\Run: [LveOkZkfgpZ] C:\Users\Day Bduard\AppData\Local\Temp\mdm.exe
     O4 - HKCU\..\Run: [LveOkZkfgnsc] C:\Users\Day Bduard\AppData\Local\Temp\drweb.exe
     O4 - HKCU\..\Run: [LveOkZkfgouqc] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe
     O4 - HKCU\..\Run: [LveOkZkfgsre] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe
     O4 - HKCU\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe
     O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\win.exe
     O4 - HKCU\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe
     O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\system.exe
     O4 - HKCU\..\Run: [LveOkZkfgouqcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe
     O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\cmd.exe
     O4 - HKCU\..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe
     O4 - HKCU\..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\win.exe
     O4 - HKCU\..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe
     O4 - HKCU\..\Run: [LveOkZkfgsre(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe
     O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\system.exe
     O4 - HKCU\..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
     O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
     O20 - AppInit_DLLs: avgrsstx.dll
     O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Program Files\LSI SoftModem\agrsmsvc.exe (file missing)
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
     O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
     O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
     O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
     O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
     O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
     O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
     O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
     O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
     O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
     O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
     O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
     O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
     O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
     -- End of file - 17172 bytes
  10. Hi, I do have Windows 7, but I'm not sure what you mean by "bits"
  11. Here are the results from Extras.Txt OTL Extras logfile created on: 9/13/2010 11:52:15 PM - Run 1 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Day Bduard\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free 6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 434.43 Gb Total Space | 335.46 Gb Free Space | 77.22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DAYBDUARD-PC Current User Name: Day Bduard Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) 
Version1.0 "{0167F157-DAB9-46b0-86C4-7C66DDA85B48}" = HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{0409c45d-df44-4b98-93b0-572697aa054a}" = F4400 "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 "{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3 "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint 
MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel
  12. Ok, here are the files: OTL.Txt OTL logfile created on: 9/13/2010 11:52:15 PM - Run 1 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Day Bduard\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free 6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 434.43 Gb Total Space | 335.46 Gb Free Space | 77.22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DAYBDUARD-PC Current User Name: Day Bduard Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\Day Bduard\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software) PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) PRC - C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\igfxext.exe (Intel Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) 
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe () PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe () PRC - C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.) 
========== Modules (SafeList) ========== MOD - C:\Users\Day Bduard\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Alwil Software\Avast5\snxPlugins.dll (AVAST Software) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) MOD - C:\Program Files\Internet Explorer\ieproxy.dll (Microsoft Corporation) MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation) MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation) MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation) MOD - C:\Windows\System32\StructuredQuery.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\slc.dll (Microsoft Corporation) MOD - C:\Windows\System32\SearchFolder.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\msi.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe File not found SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft 
Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation) SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe () SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe () ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found DRV - (aswFW) -- C:\windows\System32\drivers\aswFW.sys (AVAST Software) DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswNdis2) -- C:\windows\System32\drivers\aswNdis2.sys (AVAST Software) DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswNdis) -- C:\windows\system32\DRIVERS\aswNdis.sys (ALWIL Software) DRV - (AvgTdiX) -- C:\windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) 
DRV - (AvgLdx86) -- C:\windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) 
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV 
- (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) 
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation) DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSCA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSCA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/21 10:52:10 | 000,000,000 | ---D | M] [2009/10/29 05:37:40 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Mozilla\Firefox\extensions [2009/10/29 05:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Day Bduard\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.) 
O4 - HKLM..\Run: [LveOkZkfgnsc] C:\Users\Day Bduard\AppData\Local\Temp\drweb.exe File not found O4 - HKLM..\Run: [LveOkZkfgotc] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found O4 - HKLM..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found O4 - HKLM..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found O4 - HKLM..\Run: [LveOkZkfgotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found O4 - HKLM..\Run: [LveOkZkfgouqc] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe File not found O4 - HKLM..\Run: [LveOkZkfgouqcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe File not found O4 - HKLM..\Run: [LveOkZkfgpZ] C:\Users\Day Bduard\AppData\Local\Temp\mdm.exe File not found O4 - HKLM..\Run: [LveOkZkfgsre] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe File not found O4 - HKLM..\Run: [LveOkZkfgsre(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe File not found O4 - HKLM..\Run: [LvOWPiejloOmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\DAYBDU~1\AppData\Local\Temp\izd6as.exe File not found O4 - HKLM..\Run: [LvOWPiejlq+] C:\Users\DAYBDU~1\AppData\Local\Temp\liz27b.exe File not found O4 - HKLM..\Run: [LvOWPiejlspS] C:\Users\DAYBDU~1\AppData\Local\Temp\osumdrbts4.exe File not found O4 - HKLM..\Run: [Mquxe] C:\Windows\system.exe File not found O4 - HKLM..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: 
[searchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) 
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found O4 - HKCU..\Run: [LveOkZkfgnsc] C:\Users\Day Bduard\AppData\Local\Temp\drweb.exe File not found O4 - HKCU..\Run: [LveOkZkfgotc] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found O4 - HKCU..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found O4 - HKCU..\Run: [LveOkZkfgotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found O4 - HKCU..\Run: [LveOkZkfgotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Users\Day Bduard\AppData\Local\Temp\hexdump.exe File not found O4 - HKCU..\Run: [LveOkZkfgouqc] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe File not found O4 - HKCU..\Run: [LveOkZkfgouqcWindows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Users\Day Bduard\AppData\Local\Temp\iexplarer.exe File not found O4 - HKCU..\Run: [LveOkZkfgpZ] C:\Users\Day Bduard\AppData\Local\Temp\mdm.exe File not found O4 - HKCU..\Run: [LveOkZkfgsre] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe File not found O4 - HKCU..\Run: [LveOkZkfgsre(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\Day Bduard\AppData\Local\Temp\wininst.exe File not found O4 - HKCU..\Run: [LvOWPiejlmc] C:\Users\DAYBDU~1\AppData\Local\Temp\mdm.exe File not found O4 - HKCU..\Run: [LvOWPiejloOmd.com/dw/dw.php?id=%s&ver=d01] C:\Users\DAYBDU~1\AppData\Local\Temp\izd6as.exe File not found O4 - HKCU..\Run: [LvOWPiejlora] C:\Users\DAYBDU~1\AppData\Local\Temp\iexplarer.exe File not found O4 - HKCU..\Run: [LvOWPiejlotc] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe File not found O4 - HKCU..\Run: [LvOWPiejlotc(Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe File 
not found O4 - HKCU..\Run: [LvOWPiejlotc(Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] C:\Users\DAYBDU~1\AppData\Local\Temp\hexdump.exe File not found O4 - HKCU..\Run: [LvOWPiejlq+] C:\Users\DAYBDU~1\AppData\Local\Temp\liz27b.exe File not found O4 - HKCU..\Run: [LvOWPiejlqvc] C:\Users\DAYBDU~1\AppData\Local\Temp\wininst.exe File not found O4 - HKCU..\Run: [LvOWPiejlqW] C:\Users\DAYBDU~1\AppData\Local\Temp\drweb.exe File not found O4 - HKCU..\Run: [LvOWPiejlspS] C:\Users\DAYBDU~1\AppData\Local\Temp\osumdrbts4.exe File not found O4 - HKCU..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] C:\Windows\cmd.exe File not found O4 - HKCU..\Run: [MqqZlla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\cmd.exe File not found O4 - HKCU..\Run: [Mquxe] C:\Windows\system.exe File not found O4 - HKCU..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] C:\Windows\system.exe File not found O4 - HKCU..\Run: [Mquxela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\system.exe File not found O4 - HKCU..\Run: [Mquxela/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] C:\Windows\system.exe File not found O4 - HKCU..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] C:\Windows\win.exe File not found O4 - HKCU..\Run: [Mqvalla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] C:\Windows\win.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKCU..\Run: [uqpe] C:\windows\avp.exe File not found O4 - HKCU..\Run: [uqqZ] C:\windows\cmd.exe File not found O4 - HKCU..\Run: [uquxe] C:\windows\system.exe File not found O4 - HKCU..\Run: [uqva] C:\windows\win.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NOFOLDEROPTIONS = 1 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.) Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.XVID - xvidvfw.dll File not found ========== Files/Folders - Created Within 90 Days ========== [2010/09/13 23:31:10 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Day Bduard\Desktop\OTL.exe [2010/09/13 22:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live [2010/09/13 20:08:47 | 000,000,000 | ---D | C] -- C:\avrescue [2010/09/13 17:10:18 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\Avira [2010/09/13 17:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010/09/13 17:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/09/12 15:53:41 | 000,000,000 | ---D | C] -- C:\Converted Video Files [2010/09/12 14:34:08 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\Malwarebytes [2010/09/12 14:33:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2010/09/12 14:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/09/12 14:33:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2010/09/12 14:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/09/12 01:04:16 | 000,165,584 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2010/09/12 01:04:16 | 000,017,744 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2010/09/12 01:04:15 | 000,340,048 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2010/09/12 01:04:15 | 000,099,792 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys [2010/09/12 01:03:41 | 000,190,416 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys [2010/09/12 01:03:41 | 000,050,768 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2010/09/12 01:03:41 | 000,046,672 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2010/09/12 01:03:41 | 000,023,376 | ---- | C] (AVAST 
Software) -- C:\windows\System32\drivers\aswRdr.sys [2010/09/12 01:03:08 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys [2010/09/12 01:03:07 | 000,167,592 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2010/09/12 01:03:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2010/09/12 01:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010/09/12 01:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010/09/10 17:02:56 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\SUPERAntiSpyware.com [2010/09/10 17:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010/09/09 21:03:48 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010/09/09 13:02:43 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\HPAppData [2010/09/08 00:36:25 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\dvdcss [2010/09/07 00:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/09/07 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/08/25 21:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Search Settings [2010/08/25 21:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar [2010/08/25 21:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2010/08/25 21:16:34 | 000,311,296 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\windows\System32\TubeFinder.exe [2010/08/25 21:16:32 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\FreeFLVConverter [2010/08/25 21:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2010/08/25 21:14:09 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\Documents\Pazera_Free_FLV_to_AVI_Converter[1] [2010/08/25 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010/08/25 20:59:54 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\AppData\Roaming\Any Flv Converter [2010/08/25 20:59:51 
| 000,000,000 | ---D | C] -- C:\Program Files\Any Flv Converter [2010/08/22 11:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/08/20 16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter [2010/07/15 16:47:50 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll [2010/07/01 16:18:57 | 000,000,000 | ---D | C] -- C:\Users\Day Bduard\Documents\Movies [2010/06/18 00:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2 C:\Users\Day Bduard\Documents\*.tmp files -> C:\Users\Day Bduard\Documents\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/09/13 23:52:20 | 003,932,160 | -HS- | M] () -- C:\Users\Day Bduard\ntuser.dat [2010/09/13 23:33:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2010/09/13 23:31:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Day Bduard\Desktop\OTL.exe [2010/09/13 23:00:02 | 000,468,493 | ---- | M] () -- C:\windows\hpoins37.dat [2010/09/13 22:59:54 | 000,468,493 | ---- | M] () -- C:\windows\hpoins37.dat.temp [2010/09/13 22:56:31 | 000,000,438 | ---- | M] () -- C:\windows\win.ini [2010/09/13 22:55:43 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/09/13 22:55:43 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/09/13 22:48:44 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2010/09/13 22:48:13 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010/09/13 22:47:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010/09/13 22:47:54 | 2287,632,384 | -HS- | M] () -- C:\hiberfil.sys [2010/09/13 22:46:45 | 001,380,885 | -H-- | M] () -- C:\Users\Day Bduard\AppData\Local\IconCache.db [2010/09/13 20:27:23 | 064,592,103 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm 
[2010/09/13 20:23:01 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2010/09/13 20:22:54 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2010/09/12 21:51:51 | 009,054,208 | ---- | M] () -- C:\Users\Day Bduard\Documents\The_End_Of_Heartache.mp3 [2010/09/12 17:10:16 | 000,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2010/09/12 17:10:16 | 000,619,642 | ---- | M] () -- C:\windows\System32\perfh009.dat [2010/09/12 17:10:16 | 000,107,792 | ---- | M] () -- C:\windows\System32\perfc009.dat [2010/09/12 14:33:57 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/10 23:14:14 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/09/10 01:17:40 | 000,042,196 | ---- | M] () -- C:\Users\Day Bduard\Documents\Sharaput POL 203 FAll 2010.docx [2010/09/09 21:04:38 | 000,000,005 | ---- | M] () -- C:\zrpt.xml [2010/09/09 18:07:39 | 005,322,992 | ---- | M] () -- C:\Users\Day Bduard\Documents\Drake-9am In Dallas.mp3 [2010/09/09 13:02:19 | 000,037,552 | ---- | M] () -- C:\Users\Day Bduard\Documents\CYC347_course_outline_fall_2010.docx [2010/09/07 19:01:29 | 000,014,074 | ---- | M] () -- C:\Users\Day Bduard\Documents\Obama!!.docx [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2010/09/07 10:54:16 | 000,099,792 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys [2010/09/07 10:53:58 | 000,340,048 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2010/09/07 10:53:35 | 000,190,416 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys 
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2010/09/07 10:24:46 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys [2010/09/07 00:22:26 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/08/25 21:16:36 | 000,001,090 | ---- | M] () -- C:\Users\Day Bduard\Desktop\Free FLV Converter.lnk [2010/08/24 17:58:35 | 349,478,411 | ---- | M] () -- C:\windows\MEMORY.DMP [2010/08/22 11:28:37 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/08/21 14:21:36 | 000,376,032 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2010/08/20 16:53:46 | 000,096,536 | ---- | M] () -- C:\Users\Day Bduard\AppData\Local\GDIPFONTCACHEV1.DAT [2010/08/08 22:44:54 | 000,011,375 | ---- | M] () -- C:\Users\Day Bduard\Documents\Can you speak more than one language.docx [2010/08/08 15:59:00 | 000,002,503 | ---- | M] () -- C:\Users\Day Bduard\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/08/08 15:59:00 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010/07/26 19:04:42 | 000,001,414 | ---- | M] () -- C:\Users\Day Bduard\Desktop\Continue Flash Player Installation.lnk [2010/07/23 02:37:16 | 000,311,296 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\windows\System32\TubeFinder.exe [2010/07/20 20:45:56 | 000,018,349 | ---- | M] () -- C:\Users\Day Bduard\Documents\WATER.docx [2010/07/19 23:02:29 | 000,000,162 | -H-- | M] () -- C:\Users\Day Bduard\Documents\~$WATER.docx [2010/07/18 16:32:51 | 000,001,152 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2010/07/15 16:47:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\windows\System32\drivers\avgtdix.sys [2010/07/15 16:47:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll [2010/07/15 16:46:50 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys [2010/07/03 12:43:40 | 008,122,287 | ---- | M] () -- C:\Users\Day Bduard\Documents\10 - Circle Of Hell - www.file24ever.com.mp3 [2010/07/03 12:43:40 | 003,827,756 | ---- | M] () -- C:\Users\Day Bduard\Documents\03 - Meet John Constantine - www.file24ever.com.mp3 [2010/07/01 23:22:09 | 004,439,132 | ---- | M] () -- C:\Users\Day Bduard\Documents\JuniorMafiaGetMoney.mp3 [2010/07/01 23:21:23 | 007,355,206 | ---- | M] () -- C:\Users\Day Bduard\Documents\clipse-footsteps__feat_kobe_.mp3 [2010/07/01 23:21:23 | 003,193,820 | ---- | M] () -- C:\Users\Day Bduard\Documents\10 - Clipse - Counseling _Featuring Nicole Hurst_ _Produced By The Neptunes_.mp3 [2010/07/01 23:21:22 | 004,990,945 | ---- | M] () -- C:\Users\Day Bduard\Documents\Clipse - We Got It For Cheap (Intro).mp3 [2010/07/01 23:21:22 | 003,655,622 | ---- | M] () -- C:\Users\Day Bduard\Documents\Clipse_Freedom.mp3 [2010/07/01 22:59:34 | 012,356,527 | ---- | M] () -- C:\Users\Day Bduard\Documents\01 Door Man.mp3 [2010/06/30 22:37:34 | 005,386,951 | ---- | M] () -- C:\Users\Day Bduard\Documents\The Clipse Feat. Pharrell _ Kenna -Life Change.mp3 [2010/06/30 22:37:34 | 005,121,260 | ---- | M] () -- C:\Users\Day Bduard\Documents\The Clipse -Champion.mp3 [2010/06/30 22:37:32 | 004,395,334 | ---- | M] () -- C:\Users\Day Bduard\Documents\Clipse Ft_ Yo Gotti - Showin_ Out _Prod_ .mp3 [2010/06/30 22:37:32 | 004,371,463 | ---- | M] () -- C:\Users\Day Bduard\Documents\The Clipse -There Was A Murder.mp3 [2010/06/30 01:37:51 | 000,016,775 | ---- | M] () -- C:\Users\Day Bduard\Documents\Arts and Crafts.docx [2010/06/29 21:48:06 | 004,300,757 | ---- | M] () -- C:\Users\Day Bduard\Documents\nas - just a moment (ft. 
quan).mp3 [2010/06/29 21:47:05 | 012,236,067 | ---- | M] () -- C:\Users\Day Bduard\Documents\06 - Unknown - Track 6.mp3 [2010/06/29 21:47:05 | 011,515,850 | ---- | M] () -- C:\Users\Day Bduard\Documents\07 - Unknown - Track 7.mp3 [2010/06/29 21:47:04 | 009,803,133 | ---- | M] () -- C:\Users\Day Bduard\Documents\02 - Unknown - Track 2.mp3 [2010/06/29 21:47:04 | 008,210,951 | ---- | M] () -- C:\Users\Day Bduard\Documents\drake-forever__feat_lil_wayne__eminem_and_kanye_west_.mp3 [2010/06/29 21:47:04 | 007,287,637 | ---- | M] () -- C:\Users\Day Bduard\Documents\Eminem_-_Taking_My_Ball.mp3 [2010/06/29 21:47:04 | 007,032,172 | ---- | M] () -- C:\Users\Day Bduard\Documents\Eminem_-_Elevator.mp3 [2010/06/29 21:47:04 | 006,174,357 | ---- | M] () -- C:\Users\Day Bduard\Documents\Eminem-BuffaloBill.mp3 [2010/06/28 22:51:06 | 000,012,112 | ---- | M] () -- C:\Users\Day Bduard\Documents\My Opinion.docx [2010/06/22 14:54:13 | 004,076,254 | ---- | M] () -- C:\Users\Day Bduard\Documents\TearsForFears-HeadOverHeels.mp3 [2 C:\Users\Day Bduard\Documents\*.tmp files -> C:\Users\Day Bduard\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/09/13 22:40:18 | 000,000,264 | ---- | C] () -- C:\Users\Day Bduard\AppData\Roaming\WinssCookie.txt [2010/09/12 21:12:17 | 009,054,208 | ---- | C] () -- C:\Users\Day Bduard\Documents\The_End_Of_Heartache.mp3 [2010/09/12 14:33:57 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/12 01:04:16 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk [2010/09/10 23:12:14 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/09/10 01:17:39 | 000,042,196 | ---- | C] () -- C:\Users\Day Bduard\Documents\Sharaput POL 203 FAll 2010.docx [2010/09/09 21:04:38 | 000,000,005 | ---- | C] () -- C:\zrpt.xml [2010/09/09 17:35:15 | 005,322,992 | ---- | C] () -- C:\Users\Day Bduard\Documents\Drake-9am In Dallas.mp3 [2010/09/09 12:38:02 | 000,037,552 | ---- | C] () -- C:\Users\Day Bduard\Documents\CYC347_course_outline_fall_2010.docx [2010/09/07 19:01:28 | 000,014,074 | ---- | C] () -- C:\Users\Day Bduard\Documents\Obama!!.docx [2010/09/07 00:22:26 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/08/25 21:16:36 | 000,001,090 | ---- | C] () -- C:\Users\Day Bduard\Desktop\Free FLV Converter.lnk [2010/08/25 21:16:33 | 000,364,544 | ---- | C] () -- C:\windows\System32\PropertyGrid.ocx [2010/08/25 21:16:33 | 000,208,500 | ---- | C] () -- C:\windows\System32\ReyXpBasics.tlb [2010/08/25 21:16:32 | 000,024,576 | ---- | C] () -- C:\windows\System32\ControlSubX.ocx [2010/08/22 11:28:37 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/08/08 22:44:53 | 000,011,375 | ---- | C] () -- C:\Users\Day Bduard\Documents\Can you speak more than one language.docx [2010/07/26 19:04:42 | 000,001,414 | ---- | C] () -- C:\Users\Day Bduard\Desktop\Continue Flash Player Installation.lnk [2010/07/19 23:02:29 | 000,000,162 | -H-- | C] () -- C:\Users\Day Bduard\Documents\~$WATER.docx [2010/07/06 01:07:03 | 000,018,349 | ---- | C] () -- C:\Users\Day Bduard\Documents\WATER.docx [2010/07/01 20:00:45 | 008,122,287 | ---- | C] () -- C:\Users\Day Bduard\Documents\10 - Circle Of Hell - www.file24ever.com.mp3 [2010/07/01 20:00:45 | 003,827,756 | ---- | C] () -- C:\Users\Day Bduard\Documents\03 - Meet John Constantine - www.file24ever.com.mp3 [2010/06/30 01:37:43 | 000,016,775 | ---- | C] () -- C:\Users\Day Bduard\Documents\Arts and Crafts.docx [2010/06/28 
22:51:04 | 000,012,112 | ---- | C] () -- C:\Users\Day Bduard\Documents\My Opinion.docx [2010/01/12 22:07:03 | 006,694,666 | ---- | C] () -- C:\Users\Day Bduard\AppData\Roaming\UserTile.png [2010/01/12 21:27:21 | 000,000,070 | ---- | C] () -- C:\windows\A4W.INI [2010/01/12 17:36:23 | 000,061,440 | ---- | C] () -- C:\windows\System32\cygz.dll [2009/11/01 08:07:27 | 002,012,153 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009/10/29 05:42:14 | 000,057,344 | ---- | C] () -- C:\windows\System32\CMDRedirect.dll [2009/10/28 11:44:10 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI [2009/10/28 11:33:02 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2009/10/28 11:26:05 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/04/28 07:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll ========== LOP Check ========== [2010/08/25 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Any Flv Converter [2010/09/14 00:16:11 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Azureus [2009/10/28 15:20:21 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\CopyTrans [2010/08/25 21:16:45 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\FreeFLVConverter [2010/01/02 06:08:34 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Toshiba [2009/10/28 15:34:06 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\TuneAid [2009/10/29 05:43:40 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\TuneUpMedia [2009/10/29 05:42:16 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Twins Software [2010/01/07 18:03:58 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\Ulead Systems [2009/11/16 01:05:32 | 000,000,000 | ---D 
| M] -- C:\Users\Day Bduard\AppData\Roaming\Uniblue [2009/10/29 04:50:35 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\WildTangent [2009/10/28 15:19:19 | 000,000,000 | ---D | M] -- C:\Users\Day Bduard\AppData\Roaming\WindSolutions [2010/07/01 11:04:15 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2009/08/20 10:00:40 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010/09/13 22:47:54 | 2287,632,384 | -HS- | M] () -- C:\hiberfil.sys [2009/10/29 02:32:52 | 000,551,368 | ---- | M] () -- C:\ituneslib.itl [2010/09/13 22:47:55 | 3050,176,512 | -HS- | M] () -- C:\pagefile.sys [2010/09/09 21:04:38 | 000,000,005 | ---- | M] () -- C:\zrpt.xml < %systemroot%\Fonts\*.com > [2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont [2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2009/07/13 21:15:25 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfppw73.dll [2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll [2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. /s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > [2009/10/28 12:20:30 | 000,000,221 | -HS- | M] () -- C:\Users\Day Bduard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini < %USERPROFILE%\Desktop\*.exe > [2010/09/13 23:31:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Day Bduard\Desktop\OTL.exe [2009/10/29 02:29:41 | 005,517,824 | ---- | M] (Jeffrey Harris) -- C:\Users\Day Bduard\Desktop\SharePod.exe < %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > < %systemroot%\system32\test\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x > < %PROGRAMFILES%\PC-Doctor\Downloads\*.* > < %PROGRAMFILES%\Internet Explorer\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dat > < %USERPROFILE%\My Documents\*.exe 
> < %USERPROFILE%\*.exe > < %systemroot%\ADDINS\*.* > [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf < %systemroot%\assembly\*.bak2 > < %systemroot%\Config\*.* > < %systemroot%\REPAIR\*.bak2 > < %systemroot%\SECURITY\Database\*.sdb /x > < %systemroot%\SYSTEM\*.bak2 > < %systemroot%\Web\*.bak2 > < %systemroot%\Driver Cache\*.* > < %PROGRAMFILES%\Mozilla Firefox\0*.exe > < %ProgramFiles%\Microsoft Common\*.* > < %ProgramFiles%\TinyProxy. > < %USERPROFILE%\Favorites\*.url /x > [2010/08/04 07:20:53 | 000,000,402 | -HS- | M] () -- C:\Users\Day Bduard\Favorites\desktop.ini < %systemroot%\system32\*.bk > < %systemroot%\*.te > < %systemroot%\system32\system32\*.* > < %ALLUSERSPROFILE%\*.dat /x > [2010/09/13 23:00:04 | 002,012,153 | ---- | M] () -- C:\ProgramData\hpzinstall.log < %systemroot%\system32\drivers\*.rmv > < dir /b "%systemroot%\system32\*.exe" | find /i " " /c > < dir /b "%systemroot%\*.exe" | find /i " " /c > < %PROGRAMFILES%\Microsoft\*.* > < %systemroot%\System32\Wbem\proquota.exe > < %PROGRAMFILES%\Mozilla Firefox\*.dat > < %USERPROFILE%\Cookies\*.txt /x > < %SystemRoot%\system32\fonts\*.* > < %systemroot%\system32\winlog\*.* > < %systemroot%\system32\Language\*.* > < %systemroot%\system32\Settings\*.* > < %systemroot%\system32\*.quo > < %SYSTEMROOT%\AppPatch\*.exe > < %SYSTEMROOT%\inf\*.exe > < %SYSTEMROOT%\Installer\*.exe > < %systemroot%\system32\config\*.bak2 > < %systemroot%\system32\Computers\*.* > < %SystemRoot%\system32\Sound\*.* > < %SystemRoot%\system32\SpecialImg\*.* > < %SystemRoot%\system32\code\*.* > < %SystemRoot%\system32\draft\*.* > < %SystemRoot%\system32\MSSSys\*.* > < %ProgramFiles%\Javascript\*.* > < %systemroot%\pchealth\helpctr\System\*.exe /s > < %systemroot%\Web\*.exe > < %systemroot%\system32\msn\*.* > < %systemroot%\system32\*.tro > < %AppData%\Microsoft\Installer\msupdates\*.* > < %ProgramFiles%\Messenger\*.exe > < %systemroot%\system32\systhem32\*.* > < %systemroot%\system\*.exe > < 
%USERPROFILE%\Templates\*.tmp > < %SYSTEMDRIVE%\explorexxx.exe\*.* > < %Windir%\Installer\*.tmp > [1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ] < %systemroot%\System32\*.xco > < %ProgramFiles%\system32\*.* > < %systemroot%\System32\windos\*.* > < %SystemRoot%\system32\sandbox\*.* > < %SystemRoot%\system32\*.amo > < %SystemRoot%\system32\Windows Live\*.* > < %ProgramFiles%\logs\*.* > < %ProgramFiles%\Bifrost\*.* > < %SystemRoot%\system32\*.goo > < %systemroot%\system32\IME\*.* > < %systemroot%\BackUp\*.* > < %systemroot%\system32\*.ico > [2009/06/10 17:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\System32\PerfCenterCpl.ico < %systemroot%\system\*.dat > < %systemroot%\system\*.exe > < %AppData%\Macromedia\Common\*.* > < %SYSTEMDRIVE%\dir\*.* /s > < %systemroot%\system32\ras\*.exe > < %SYSTEMDRIVE%\MFILES\*.* > < %SYSTEMDRIVE%\mDNSRespon.exe\*.* > < %systemroot%\system32\services\*.* > < %systemroot%\Spooler\*.* > < %ProgramFiles%\system32\*.* > < %systemroot%\system32\Setup\*.dll /x > < %systemroot%\system32\*.mine > < %SYSTEMDRIVE%\cleansweep.exe\*.* > < %systemroot%\system32\ras\*.dll > < %systemroot%\system32\ras\*.drv > < %systemroot%\*.iq > < %systemroot%\system32\XP\*.* > < %SYSTEMDRIVE%\Extracted\*.* > < %systemroot%\system32\windows\*.* > < %systemroot%\logs\*.* > [2009/10/28 11:36:53 | 000,051,558 | ---- | M] () -- C:\Windows\Logs\DirectX.log < %SYSTEMDRIVE%\Win.Msi\*.* > < %systemroot%\regedit\*.* > < %systemroot%\system32\skype\*.* > < %AppData%\Adobe\dlluplwin25\*.* > < %UserProfile%\*.dat > [2010/09/13 23:54:20 | 003,932,160 | -HS- | M] () -- C:\Users\Day Bduard\ntuser.dat < %UserProfile%\*.dll > < %systemroot%\system32\*.sxo > < %SYSTEMDRIVE%\Gazma\*.* /s > < %systemroot%\system32\spynet\*.* > < %systemroot%\system32\System\*.* > < %appdata%\Microsoft\Windows\*.* > < %systemroot%\system32\WinDir\*.* > < %systemroot%\_\*.* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 02:47:16 ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0CB6E0BD < End of report >
  13. Hi, I had previously caught something (some sort of trojan/adware) and was using various anti-virus scans (avg, avast and malwarebytes) due to constant warnings from avg. Eventually, the trojans stopped popping up, but malwarebytes kept detecting this hijack.folderoption. Oddly, the other anti-virus software doesn't seem to detect it.
  14. Hi, I forgot to paste the last log I received. Thanks again! Database version: 4602 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 13/09/2010 9:37:01 PM mbam-log-2010-09-13 (21-37-01).txt Scan type: Quick scan Objects scanned: 142372 Time elapsed: 9 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected)