
I have google redirecting virus


  • This topic is locked
9 replies to this topic

#1 TayOranges

TayOranges

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:25 PM

Posted 29 April 2009 - 06:23 PM

I have a trojan: when I go to google.com in I.E., regardless of what link I select, it brings me to some advertising site. My Malwarebytes is unable to find the trojan, although every once in a while it will find a new trojan.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Taylor at 17:07:58.30 on 29/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.512 [GMT -6:00]

AV: Prevx 3.0 *On-access scanning enabled* (Updated)
AV: Shaw Secure 2.0 7.03 *On-access scanning enabled* (Updated)
FW: Shaw Secure 2.0 7.03 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taylor\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://shoptoshiba.ca/welcome
uSearch Bar = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TPSMain] TPSMain.exe
mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\shaw secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [VGO Live] c:\program files\21cn\vgo\vgo.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\taylor~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\program files\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166744840921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240754524621&h=06ca4804383370a6eca1b7b6f7472c9e/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-1-3 51072]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-4-26 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-4-26 27656]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\shaw secure\hips\fshs.sys [2008-1-3 41184]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-4-26 4368440]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\shaw secure\anti-virus\fsgk32st.exe [2008-1-3 47800]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys [2008-1-3 59488]
S0 xiigc;xiigc;c:\windows\system32\drivers\nanq.sys --> c:\windows\system32\drivers\nanq.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys [2008-1-3 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\shaw secure\anti-virus\win2k\fsrec.sys [2008-1-3 25184]

=============== Created Last 30 ================

2009-04-26 08:52 <DIR> --d----- c:\documents and settings\taylor\.SunDownloadManager
2009-04-26 08:48 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-04-26 08:48 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-04-26 08:48 <DIR> --d----- c:\program files\Prevx
2009-04-26 08:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-04-26 08:02 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-26 07:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-15 16:59 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 16:58 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:58 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:58 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:58 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:58 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 16:58 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-04-15 16:58 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-04-15 16:58 715,264 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:58 617,984 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-05 01:04 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-04-05 01:04 12,160 a------- c:\windows\system32\drivers\mouhid.sys

==================== Find3M ====================

2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-06 08:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 18:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 12:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 04:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 04:01 728,576 a------- c:\windows\system32\lsasrv.dll
2009-02-09 04:01 617,984 a------- c:\windows\system32\advapi32.dll
2009-02-09 04:01 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:01 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-06 04:29 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 04:22 110,592 a------- c:\windows\system32\services.exe
2009-02-06 03:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:49 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 14:08 55,808 a------- c:\windows\system32\secur32.dll

============= FINISH: 17:08:21.33 ===============



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:25 PM

Posted 30 April 2009 - 12:48 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 TayOranges

TayOranges
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:25 PM

Posted 01 May 2009 - 01:05 AM

Hi, thanks for the fast reply. About the behaviour of my computer: everything else seems to be working properly and it hasn't slowed down, at least not that I can tell. The only real problem I've had so far is that my Internet Explorer will redirect on Google or else sometimes encounter a problem and need to close. When this first occurred I went to System Restore but it wouldn't allow me to, so I turned off System Restore as I was told sometimes malicious files will hide there. Here are the documents created from the first log creator:

OTListIt Extras logfile created on: 30/04/2009 11:45:07 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\Taylor\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 390.75 Mb Available Physical Memory | 38.54% Memory free
2.39 Gb Paging File | 1.78 Gb Available in Paging File | 74.52% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.54 Gb Total Space | 54.91 Gb Free Space | 54.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.95 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAYLOR
Current User Name: Taylor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client
[2008/11/17 18:47:25 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1" = Shaw Support 7.0
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Autobahn" = MLB.TV NexDef Plug-in
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Bell Mobility Music Backup Application_is1" = Bell Mobility Music Backup Application 2.0.0.4
"Comical_is1" = Comical 0.8
"F-Secure Product 277" = Shaw Secure 2.0
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCSI" = Prevx 3.0
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Shaw Internet Update_is1" = Shaw Internet Update 3.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SopCast" = SopCast 3.0.3
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3309703226-3803944208-199911661-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/05/2008 9:23:34 PM | Computer Name = TAYLOR | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module flash9b.ocx, version 9.0.28.0, fault address 0x00063ac2.

Error - 15/05/2008 2:20:43 AM | Computer Name = TAYLOR | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2008-05-15 00:20:42-06:00 taylor TAYLOR\Taylor F-Secure
Anti-Virus Scanning of C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2982_X-WW_AC3F9C03\COMCTL32.DLL
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 15/05/2008 4:55:45 AM | Computer Name = TAYLOR | Source = F-Secure Anti-Virus | ID = 103
Description = 2 2008-05-15 02:55:43-06:00 taylor TAYLOR\Taylor F-Secure
Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WMI.DLL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 15/05/2008 4:59:35 PM | Computer Name = TAYLOR | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting
module unknown, version 0.0.0.0, fault address 0x690025ff.

Error - 16/05/2008 3:34:58 AM | Computer Name = TAYLOR | Source = F-Secure Anti-Virus | ID = 103
Description = 3 2008-05-16 01:34:57-06:00 taylor TAYLOR\Taylor F-Secure
Anti-Virus Scanning of C:\WINDOWS\EHOME\EHKEYCTL.DLL was aborted due to exceeded
scanning time limit. The file may be in use or reading it was too slow (e.g. network
connection was under stress).

Error - 16/05/2008 6:24:30 AM | Computer Name = TAYLOR | Source = F-Secure Anti-Virus | ID = 103
Description = 4 2008-05-16 04:24:29-06:00 taylor TAYLOR\Taylor F-Secure
Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WINLOGON.EXE was
aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 16/05/2008 8:35:25 PM | Computer Name = TAYLOR | Source = F-Secure Anti-Virus | ID = 103
Description = 5 2008-05-16 18:35:24-06:00 taylor TAYLOR\Taylor F-Secure
Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WBEM\CIMWIN32.DLL
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 17/05/2008 10:37:16 AM | Computer Name = TAYLOR | Source = F-Secure Anti-Virus | ID = 103
Description = 6 2008-05-17 08:37:16-06:00 taylor TAYLOR\Taylor F-Secure
Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\Taylor\LOCAL
SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U1A1QAY2\LEGENDSFORUMS_COM[1].HTM
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 18/05/2008 12:22:25 AM | Computer Name = TAYLOR | Source = F-Secure Anti-Virus | ID = 103
Description = 7 2008-05-17 22:22:22-06:00 taylor TAYLOR\Taylor F-Secure
Anti-Virus Scanning of C:\WINDOWS\SYSTEM32\WSHTCPIP.DLL was aborted due to exceeded
scanning time limit. The file may be in use or reading it was too slow (e.g. network
connection was under stress).

Error - 18/05/2008 1:52:58 AM | Computer Name = TAYLOR | Source = F-Secure Anti-Virus | ID = 103
Description = 8 2008-05-17 23:52:58-06:00 taylor TAYLOR\Taylor F-Secure
Anti-Virus Scanning of C:\WINDOWS\SYSTEM32\MSLTUS40.DLL was aborted due to exceeded
scanning time limit. The file may be in use or reading it was too slow (e.g. network
connection was under stress).

[ System Events ]
Error - 24/04/2009 11:56:12 PM | Computer Name = TAYLOR | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 24/04/2009 11:56:12 PM | Computer Name = TAYLOR | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume1\WI...fastprox.dll.
For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/
for assistance.

Error - 25/04/2009 8:21:58 AM | Computer Name = TAYLOR | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.13 on
the Network Card with network address 0018DEA6D806.

Error - 25/04/2009 8:41:24 AM | Computer Name = TAYLOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
TYLER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C1FC61DD-AA2F-4477-B39.
The master browser is stopping or an election is being forced.

Error - 25/04/2009 8:52:17 PM | Computer Name = TAYLOR | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.13 on
the Network Card with network address 0018DEA6D806.

Error - 26/04/2009 1:18:09 AM | Computer Name = TAYLOR | Source = F-Secure Gatekeeper | ID = 327681
Description = Real-time scanning failure occurred. Intercepted file name=\Device\HarddiskVolume1\Progr...avh_BLENG.
For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/
for assistance.

Error - 26/04/2009 8:12:52 AM | Computer Name = TAYLOR | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 26/04/2009 8:31:54 AM | Computer Name = TAYLOR | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 26/04/2009 9:24:43 AM | Computer Name = TAYLOR | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 30/04/2009 2:01:16 AM | Computer Name = TAYLOR | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.13 on
the Network Card with network address 0018DEA6D806.


< End of report >

OTListIt logfile created on: 30/04/2009 11:45:07 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\Taylor\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 390.75 Mb Available Physical Memory | 38.54% Memory free
2.39 Gb Paging File | 1.78 Gb Available in Paging File | 74.52% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.54 Gb Total Space | 54.91 Gb Free Space | 54.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.95 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAYLOR
Current User Name: Taylor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/08/02 01:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/08/02 01:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/01/17 17:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/04/26 08:48:58 | 04,368,440 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2004/08/27 10:33:00 | 00,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2007/11/01 05:42:04 | 00,047,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
PRC - [2008/10/21 23:52:33 | 00,432,224 | ---- | M] (F-Secure Corp.) -- C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
PRC - [2007/11/01 05:42:56 | 00,113,304 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE
PRC - [2007/11/01 05:42:58 | 00,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSMB32.EXE
PRC - [2009/04/26 08:01:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/11/01 05:42:56 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FCH32.EXE
PRC - [2006/08/02 01:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/02/07 18:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/04/26 08:48:58 | 04,368,440 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2007/11/01 05:42:06 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
PRC - [2007/11/01 05:42:56 | 00,391,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
PRC - [2007/11/01 05:41:52 | 00,461,408 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
PRC - [2007/11/01 05:42:16 | 00,453,216 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
PRC - [2008/10/21 23:52:34 | 00,514,656 | ---- | M] (F-Secure Corp.) -- C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
PRC - [2007/11/16 09:27:40 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
PRC - [2005/08/05 15:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/05/04 16:59:16 | 16,206,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/08/05 15:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/12/12 17:50:02 | 00,088,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006/03/16 14:58:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/10/06 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/04/26 18:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2006/02/02 14:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2006/08/25 15:47:12 | 00,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
PRC - [2005/08/16 13:23:12 | 00,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/08/17 13:37:44 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
PRC - [2006/03/02 02:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/08/02 01:38:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/08/02 01:32:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2006/03/22 22:17:04 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006/03/22 22:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/03/22 22:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/05/31 22:00:12 | 00,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/11/01 05:42:56 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSM32.EXE
PRC - [2006/03/02 01:50:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/08/02 01:27:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/04/26 08:01:49 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/12/30 02:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2005/05/31 21:59:58 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2008/04/12 14:44:23 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/29 04:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/03/30 17:52:34 | 00,799,496 | ---- | M] () -- C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2004/08/27 10:37:00 | 00,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2007/11/01 05:42:48 | 00,465,504 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
PRC - [2007/04/19 13:49:52 | 00,064,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
PRC - [2009/02/27 22:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/11/01 05:42:04 | 00,319,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
PRC - [2009/04/30 23:44:21 | 00,504,320 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Taylor\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/01/17 17:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/26 08:48:58 | 04,368,440 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner [Auto | Running])
SRV - [2004/08/27 10:33:00 | 00,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/08/02 01:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2007/11/01 05:42:04 | 00,047,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])
SRV - [2007/11/01 05:41:52 | 00,461,408 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])
SRV - [2007/11/01 05:42:16 | 00,453,216 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])
SRV - [2007/11/01 05:42:56 | 00,113,304 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE -- (FSMA [Auto | Running])
SRV - [2007/12/28 19:45:20 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/10 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/26 08:01:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/08/02 01:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/08/02 01:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2006/02/07 18:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/12/21 02:14:42 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/12/12 19:08:44 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/10/06 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 14:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 07:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 14:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 05:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/12 01:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2007/11/01 05:42:06 | 00,039,776 | ---- | M] () -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter [Disabled | Stopped])
DRV - [2007/11/01 05:42:06 | 00,059,488 | ---- | M] () -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])
DRV - [2008/02/14 18:47:08 | 00,041,184 | ---- | M] () -- C:\Program Files\Shaw Secure\HIPS\fshs.sys -- (F-Secure HIPS [System | Running])
DRV - [2007/11/01 05:42:06 | 00,025,184 | ---- | M] () -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer [Disabled | Stopped])
DRV - [2008/03/17 16:53:48 | 00,051,072 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW [Boot | Running])
DRV - [2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/03/22 22:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2006/05/04 17:13:52 | 04,271,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2005/06/01 13:33:00 | 00,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2003/01/29 15:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2006/07/25 20:39:32 | 01,707,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2003/09/19 03:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/04/22 18:15:25 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/04/26 08:48:58 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan [Boot | Running])
DRV - [2009/04/26 08:48:58 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec [Boot | Running])
DRV - [2006/08/02 02:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/01/18 17:52:01 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/03/02 01:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2002/01/24 15:43:40 | 00,006,528 | ---- | M] () -- C:\WINDOWS\system32\Drivers\Tbiosdrv.sys -- (TBiosDrv [On_Demand | Stopped])
DRV - [2005/11/29 20:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/09/09 16:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
DRV - [2005/10/20 16:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running])
DRV - [2006/05/30 18:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2006/06/20 15:00:30 | 00,021,312 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2006/06/20 15:00:40 | 00,038,144 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2006/06/20 15:00:18 | 00,039,248 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3309703226-3803944208-199911661-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3309703226-3803944208-199911661-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3309703226-3803944208-199911661-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://shoptoshiba.ca/welcome
IE - HKU\S-1-5-21-3309703226-3803944208-199911661-1005\S-1-5-21-3309703226-3803944208-199911661-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2007/06/07 12:38:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/26 08:01:49 | 00,000,000 | ---D | M]

[2008/11/16 11:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Taylor\Application Data\mozilla\Firefox\Profiles\fklyu7yk.default\extensions
[2008/09/22 22:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Taylor\Application Data\mozilla\Firefox\Profiles\fklyu7yk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/02/12 16:19:30 | 00,001,166 | ---- | M] () -- C:\Documents and Settings\Taylor\Application Data\Mozilla\FireFox\Profiles\fklyu7yk.default\searchplugins\shaw.xml
[2008/04/04 19:51:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/26 06:12:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{4D0CA54F-736B-40A9-AF4C-AC876F1F63B9}
[2008/04/04 19:51:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org-trash

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3309703226-3803944208-199911661-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW (F-Secure Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VGO Live] C:\Program Files\21cn\VGO\vgo.exe -startup File not found
O4 - HKU\S-1-5-21-3309703226-3803944208-199911661-1005..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-3309703226-3803944208-199911661-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-3309703226-3803944208-199911661-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3309703226-3803944208-199911661-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat ()
O4 - Startup: C:\Documents and Settings\Taylor\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3309703226-3803944208-199911661-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3309703226-3803944208-199911661-1005\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1166744840921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/29 17:10:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/30 23:44:14 | 00,504,320 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Taylor\Desktop\OTListIt2.exe
[2009/04/29 17:07:26 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\dds.scr
[2009/04/26 08:53:31 | 00,001,225 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\jre-6u13-windows-i586-p.exe.sdm
[2009/04/26 08:48:58 | 00,027,656 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2009/04/26 08:48:58 | 00,022,024 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/04/26 08:48:58 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/04/26 08:48:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/04/26 07:58:29 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/23 17:29:43 | 00,101,344 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\quiz6Rsol.pdf
[2009/04/23 14:05:26 | 00,023,059 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Assignment%203%20Problems.pdf
[2009/04/23 14:05:20 | 00,046,816 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Assignment%203%20Solutions.pdf
[2009/04/23 14:04:58 | 00,094,884 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL_Midterm_2_ans.pdf
[2009/04/23 14:04:50 | 00,345,913 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL471_Midterm1_Solutions.pdf
[2009/04/23 14:04:39 | 00,024,179 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\Midterm%201%20Practice%20Problems.pdf
[2009/04/23 14:04:33 | 03,297,221 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\Solution_to_Midterm1_Practice_Problems.pdf
[2009/04/23 14:04:03 | 01,162,570 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\Midterm2_Practice_1_of_2.pdf
[2009/04/23 14:03:49 | 01,066,377 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\Midterm2_Practice_2_of_2.pdf
[2009/04/23 14:03:37 | 00,031,538 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Midterm%20_2%20Practice%20Problems.pdf
[2009/04/23 14:03:27 | 00,021,396 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Assignment%204%20Problems.pdf
[2009/04/23 14:03:19 | 00,583,564 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20-%20Assignment%204%20Solutions.pdf
[2009/04/23 14:02:56 | 00,067,970 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Final%20Exam%20Practice%20Problems.pdf
[2009/04/23 14:02:46 | 00,889,604 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\FinalExam_Practice_2_of_2.pdf
[2009/04/23 14:02:35 | 00,944,149 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\FinalExam_Practice_1_of_2.pdf
[2009/04/23 14:02:15 | 00,020,730 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Final%20Exam%20Material.pdf
[2009/04/19 04:13:53 | 03,916,028 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\pregnant-women-rehearsal-track-garfunkel-and-oates.mp3
[2009/04/19 04:13:33 | 03,589,821 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\i-would-never-rehearsal-track-garfunkel-and-oates.mp3
[2009/04/19 04:13:13 | 03,557,489 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\late-nite-text-subtext-rehearsal-track-vanity-smerf.mp3
[2009/04/19 04:12:50 | 02,938,297 | ---- | C] () -- C:\Documents and Settings\Taylor\Desktop\beige-curtains-rehearsal-track-vanity-smerf.mp3
[2009/04/15 16:59:28 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 16:58:21 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 16:58:21 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 16:58:21 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 16:58:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 16:58:21 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 16:58:21 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/15 16:58:21 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/15 16:58:20 | 00,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 16:58:20 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/05 01:04:26 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/04/05 01:04:26 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/01/18 17:52:01 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/04 01:46:28 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/04/04 17:00:25 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/04/22 18:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 18:01:47 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/21 02:13:55 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/09/04 17:37:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 00:15:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/29 19:40:08 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/01/29 19:40:08 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/01/29 19:02:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/01/29 18:59:57 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/01/29 18:59:57 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/01/29 18:59:07 | 00,000,230 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/29 18:58:01 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/29 18:58:01 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/29 18:58:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/29 18:58:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/29 18:58:01 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/29 18:58:01 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/29 18:53:08 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/01/29 18:53:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/01/29 18:53:08 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/01/29 18:53:08 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/01/29 18:52:21 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/29 17:42:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/29 17:15:55 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/29 15:55:21 | 00,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/29 15:54:48 | 00,000,756 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/01/29 15:54:44 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/09/02 16:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 23:30:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 19:04:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 16:43:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== Files - Modified Within 30 Days ==========

[13 C:\WINDOWS\System32\*.tmp files]
[2009/04/30 23:44:21 | 00,504,320 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Taylor\Desktop\OTListIt2.exe
[2009/04/30 23:40:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/30 23:40:17 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Taylor\Local Settings\desktop.ini
[2009/04/30 23:40:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/30 23:40:03 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/29 17:49:27 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/29 17:07:28 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\dds.scr
[2009/04/29 16:48:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 08:53:31 | 00,001,225 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\jre-6u13-windows-i586-p.exe.sdm
[2009/04/26 08:48:58 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2009/04/26 08:48:58 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/04/26 08:48:52 | 00,000,230 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/26 06:30:36 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\tohekofe
[2009/04/23 17:29:43 | 00,101,344 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\quiz6Rsol.pdf
[2009/04/23 14:05:26 | 00,023,059 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Assignment%203%20Problems.pdf
[2009/04/23 14:05:20 | 00,046,816 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Assignment%203%20Solutions.pdf
[2009/04/23 14:04:58 | 00,094,884 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL_Midterm_2_ans.pdf
[2009/04/23 14:04:50 | 00,345,913 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL471_Midterm1_Solutions.pdf
[2009/04/23 14:04:39 | 00,024,179 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\Midterm%201%20Practice%20Problems.pdf
[2009/04/23 14:04:33 | 03,297,221 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\Solution_to_Midterm1_Practice_Problems.pdf
[2009/04/23 14:04:04 | 01,162,570 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\Midterm2_Practice_1_of_2.pdf
[2009/04/23 14:03:49 | 01,066,377 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\Midterm2_Practice_2_of_2.pdf
[2009/04/23 14:03:37 | 00,031,538 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Midterm%20_2%20Practice%20Problems.pdf
[2009/04/23 14:03:27 | 00,021,396 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Assignment%204%20Problems.pdf
[2009/04/23 14:03:19 | 00,583,564 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20-%20Assignment%204%20Solutions.pdf
[2009/04/23 14:02:56 | 00,067,970 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Final%20Exam%20Practice%20Problems.pdf
[2009/04/23 14:02:46 | 00,889,604 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\FinalExam_Practice_2_of_2.pdf
[2009/04/23 14:02:35 | 00,944,149 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\FinalExam_Practice_1_of_2.pdf
[2009/04/23 14:02:15 | 00,020,730 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\ENEL%20471%20Final%20Exam%20Material.pdf
[2009/04/19 04:20:27 | 02,938,297 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\beige-curtains-rehearsal-track-vanity-smerf.mp3
[2009/04/19 04:13:53 | 03,916,028 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\pregnant-women-rehearsal-track-garfunkel-and-oates.mp3
[2009/04/19 04:13:33 | 03,589,821 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\i-would-never-rehearsal-track-garfunkel-and-oates.mp3
[2009/04/19 04:13:13 | 03,557,489 | ---- | M] () -- C:\Documents and Settings\Taylor\Desktop\late-nite-text-subtext-rehearsal-track-vanity-smerf.mp3
[2009/04/16 12:32:27 | 00,492,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 12:32:27 | 00,416,202 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 12:32:27 | 00,068,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 03:04:11 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

This next part, I believe I did what you wanted, but I didn't have to unzip any files or click anything. I got to a screen where everything but the "show all" was checked that had scan and copy. Here are the results of that:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-01 00:02:15
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 863D5BF8
INT 0x82 ? 863D5BF8
INT 0x83 ? 861ADF00
INT 0x84 ? 861ADF00
INT 0x94 ? 861ADF00

Code 85D90BE0 ZwEnumerateKey
Code 8555F8D8 ZwFlushInstructionCache
Code \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) IoCreateDevice
Code 8555A1D6 IofCallDriver
Code 86354B4E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8555A1DB
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 86354B53
PAGE ntoskrnl.exe!ZwEnumerateKey 80578EE4 5 Bytes JMP 85D90BE4
PAGE ntoskrnl.exe!ZwFlushInstructionCache 805873DB 5 Bytes JMP 8555F8DC
? spfa.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6F9362C 5 Bytes JMP 861AD4E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1192] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 009A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!HttpOpenRequestA 78064321 5 Bytes JMP 00C8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetConnectA 7806497A 5 Bytes JMP 0098000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetConnectW 78065B68 5 Bytes JMP 0099000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!HttpOpenRequestW 78065D42 5 Bytes JMP 00C9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetQueryDataAvailable 7806ADF5 5 Bytes JMP 00C0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 00C6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetSetStatusCallback 7807288F 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!HttpSendRequestW 7808082D 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetReadFileExW 78082AB2 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetReadFileExA 78082AEA 5 Bytes JMP 00C2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1192] WININET.dll!InternetSetStatusCallbackW 780BB148 5 Bytes JMP 00C5000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 863D82D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F754FC4C] spfa.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F754FCA0] spfa.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F751F040] spfa.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F751F13C] spfa.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F751F0BE] spfa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F751F7FC] spfa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F751F6D2] spfa.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 861AD5E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F752F048] spfa.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 863D41F8
Device \FileSystem\Udfs \UdfsCdRom 8555E1F8
Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 8555E1F8
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Driver\Tcpip \Device\Ip fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 861A8500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 863671F8
Device \Driver\dmio \Device\DmControl\DmConfig 863671F8
Device \Driver\dmio \Device\DmControl\DmPnP 863671F8
Device \Driver\dmio \Device\DmControl\DmInfo 863671F8
Device \Driver\usbuhci \Device\USBPDO-1 861A8500
Device \Driver\usbuhci \Device\USBPDO-2 861A8500
Device \Driver\usbehci \Device\USBPDO-3 8617B1F8
Device \Driver\usbuhci \Device\USBPDO-4 861A8500
Device \Driver\Tcpip \Device\Tcp fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 863D61F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 863D61F8
Device \Driver\Cdrom \Device\CdRom0 8616C500
Device \Driver\Cdrom \Device\CdRom1 8616C500
Device \Driver\NetBT \Device\NetBT_Tcpip_{8E2B4BFC-EA8D-42DD-B30D-339116D5CF97} 854751F8
Device \Driver\atapi \Device\Ide\IdePort0 863D51F8
Device \Driver\atapi \Device\Ide\IdePort1 863D51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 863D51F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 863D61F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 854751F8
Device \Driver\NetBT \Device\NetbiosSmb 854751F8
Device \Driver\PCI_PNP7030 \Device\0000004d spfa.sys
Device \Driver\Tcpip \Device\Udp fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1FC61DD-AA2F-4477-B394-4284943ABB34} 854751F8
Device \Driver\usbuhci \Device\USBFDO-0 861A8500
Device \Driver\usbuhci \Device\USBFDO-1 861A8500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8546C1F8
Device \Driver\Tcpip \Device\IPMULTICAST fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 861A8500
Device \Driver\sptd \Device\1062777030 spfa.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8546C1F8
Device \Driver\usbuhci \Device\USBFDO-3 861A8500
Device \Driver\usbehci \Device\USBFDO-4 8617B1F8
Device \Driver\Ftdisk \Device\FtControl 863D61F8
Device \Driver\a7qn9b6l \Device\Scsi\a7qn9b6l1Port2Path0Target0Lun0 861271F8
Device \Driver\a7qn9b6l \Device\Scsi\a7qn9b6l1 861271F8
Device \FileSystem\Cdfs \Cdfs 85467500

---- EOF - GMER 1.0.15 ----

Edited by TayOranges, 01 May 2009 - 01:09 AM.
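One way to triage the "User code sections" block in the GMER log above, as an added example that is not part of this thread or of GMER itself: the parser below reads the hook lines, separates JMPs that GMER could attribute to a module (the trailing path, such as IEFRAME.dll hooking USER32 dialogs, which is Internet Explorer's own behaviour) from JMPs into anonymous memory with no owning module, and ranks unbacked hooks on browser networking APIs highest, since those are the ones that sit between the user and every HTTP request. The NETWORK_MODULES list and the severity labels are this example's own assumptions.

```python
"""Triage GMER 'User code sections' entries (constructed example).

Each GMER line records an inline hook: a 5-byte JMP patched over an API
prologue inside a process.  When GMER can map the JMP target to a file it
appends that file's path in parentheses; when the target lies in memory no
module accounts for, the line simply ends after the target address.  That
missing owner is the indicator a defender cares about, especially on the
WININET request/read functions of a browser.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

HOOK_RE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"          # only user-mode lines carry [pid]
    r"(?P<module>[^!\s]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>\S.*))?$"                      # owning module, if GMER found one
)

# Assumed list of network APIs a search-redirect hijacker would need to tamper with.
NETWORK_MODULES = {"wininet.dll", "ws2_32.dll", "winhttp.dll", "nspr4.dll"}


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    function: str
    target: int
    owner: Optional[str]

    @property
    def unbacked(self) -> bool:
        # No owner path means the JMP lands in memory no loaded file accounts for.
        return self.owner is None

    @property
    def network_api(self) -> bool:
        return self.module.lower() in NETWORK_MODULES

    def severity(self) -> str:
        if self.unbacked and self.network_api:
            return "high"
        if self.unbacked:
            return "medium"
        return "info"


def parse_user_hooks(log_text: str) -> List[Hook]:
    """Return every user-mode hook line in a GMER log; all other lines are ignored."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            process=m["process"].strip(),
            pid=int(m["pid"]),
            module=m["module"],
            function=m["function"],
            target=int(m["target"], 16),
            owner=m["owner"],
        ))
    return hooks


def summarize(hooks: List[Hook]) -> Dict[str, Dict[str, List[str]]]:
    """Group hooks as {"process[pid]": {severity: ["module!function", ...]}}."""
    out: Dict[str, Dict[str, List[str]]] = defaultdict(lambda: defaultdict(list))
    for h in hooks:
        out[f"{h.process}[{h.pid}]"][h.severity()].append(f"{h.module}!{h.function}")
    return {p: dict(s) for p, s in out.items()}


# Sample lines taken from the GMER output quoted in this thread, plus a header
# and a kernel-mode line that the parser must skip.
SAMPLE_LOG = """\
---- User code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8555A1DB
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[1192] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 408BF341 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[1192] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 40A51684 C:\\WINDOWS\\system32\\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[1192] WININET.dll!HttpOpenRequestA 78064321 5 Bytes JMP 00C8000A
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[1192] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 00C1000A
.text C:\\Program Files\\Internet Explorer\\iexplore.exe[1192] WININET.dll!HttpSendRequestW 7808082D 5 Bytes JMP 00C7000A
"""

if __name__ == "__main__":
    for proc, buckets in summarize(parse_user_hooks(SAMPLE_LOG)).items():
        print(proc)
        for sev in ("high", "medium", "info"):
            for name in buckets.get(sev, []):
                print(f"  [{sev:6}] {name}")
```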


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 May 2009 - 11:21 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 TayOranges

TayOranges
  • Topic Starter

  • Members
  • 5 posts

Posted 01 May 2009 - 08:27 PM

I believe I've encountered a problem. First, when I tried using ComboFix it said that my antivirus Prevx 3.0 was still running, so I discontinued and rechecked my Prevx 3.0 and saw that it was turned off for 24 hours, which was the option I selected. So I ran ComboFix; it installed the Windows Recovery Console and afterwards I said yes to continue scanning. My computer restarted, and when it came back ComboFix went and checked through all the stages and ended with "Preparing Log report, do not open any programs until combofix is done" or something to that effect (I'm on another computer right now). It's been like that for a couple of minutes and I'm unsure what to do. I know it said that it could take upwards of 20 minutes and it's only been 10-15, so I'm hoping it might just be taking a while; however, I'm just posting in case I have encountered a problem.

#6 TayOranges

TayOranges
  • Topic Starter

  • Members
  • 5 posts

Posted 02 May 2009 - 05:28 AM

So after waiting well over an hour I restarted my computer. I did have a ComboFix.txt created, not sure if it's complete though. I was thinking perhaps I should re-run ComboFix after uninstalling Prevx completely, but because of all the warnings about the possible damage I could do with this program I decided I would wait for more advice.

Here's the combofix.txt that was created:
ComboFix 09-05-02.4 - Taylor 01/05/2009 19:14:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.696 [GMT -6:00]
Running from: C:\Documents and Settings\Taylor\Desktop\ComboFix.exe
AV: Prevx 3.0 *On-access scanning enabled* (Updated)
AV: Shaw Secure 2.0 7.03 *On-access scanning disabled* (Updated)
FW: Shaw Secure 2.0 7.03 *enabled*
.
/wow section - STAGE 21
pevFind by Billy Robert O'Neal III
Version 0.0.3.1
Distributed under the Boost Software License, Version 1.0.
(See accompanying file LICENSE_1_0.txt or copy at
http://www.boost.org/LICENSE_1_0.txt)

Filename regular expressions library is
"Copyright ©1997-1998 by David R. Tribble, all rights reserved."

The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-04-26 14:52:56 . 2009-04-26 14:53:38 0 d-----w C:\Documents and Settings\Taylor\.SunDownloadManager
2009-04-26 14:48:58 . 2009-04-26 14:48:58 22024 ----a-w C:\WINDOWS\system32\drivers\pxscan.sys
2009-04-26 14:48:58 . 2009-04-26 14:48:58 27656 ----a-w C:\WINDOWS\system32\drivers\pxsec.sys
2009-04-26 14:48:58 . 2009-04-26 14:48:58 0 d-----w C:\Program Files\Prevx
2009-04-26 14:48:52 . 2009-05-01 06:06:55 0 d-----w C:\Documents and Settings\All Users\Application Data\PrevxCSI
2009-04-26 13:55:30 . 2009-04-26 14:01:49 410984 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-04-15 22:59:28 . 2008-04-21 10:02:07 215552 -c----w C:\WINDOWS\system32\dllcache\wordpad.exe
2009-04-15 22:58:21 . 2009-03-06 14:00:22 284160 -c----w C:\WINDOWS\system32\dllcache\pdh.dll
2009-04-15 22:58:21 . 2005-07-26 04:20:24 60416 -c----w C:\WINDOWS\system32\dllcache\colbact.dll
2009-04-15 22:58:21 . 2009-02-06 09:54:17 35328 -c----w C:\WINDOWS\system32\dllcache\sc.exe
2009-04-15 22:58:21 . 2009-02-09 10:01:53 401408 -c----w C:\WINDOWS\system32\dllcache\rpcss.dll
2009-04-15 22:58:21 . 2009-02-06 10:22:21 110592 -c----w C:\WINDOWS\system32\dllcache\services.exe
2009-04-15 22:58:21 . 2009-02-09 10:01:53 473088 -c----w C:\WINDOWS\system32\dllcache\fastprox.dll
2009-04-15 22:58:21 . 2009-02-06 09:41:05 227840 -c----w C:\WINDOWS\system32\dllcache\wmiprvse.exe
2009-04-15 22:58:20 . 2009-02-09 10:01:53 617984 -c----w C:\WINDOWS\system32\dllcache\advapi32.dll
2009-04-15 22:58:20 . 2009-02-09 10:01:52 715264 -c----w C:\WINDOWS\system32\dllcache\ntdll.dll
2009-04-05 07:04:26 . 2001-08-17 19:48:00 12160 -c--a-w C:\WINDOWS\system32\dllcache\mouhid.sys
2009-04-05 07:04:26 . 2001-08-17 19:48:00 12160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 01:13:28 . 2006-01-29 23:13:44 6 ---ha-w C:\WINDOWS\Tasks\SA.DAT
2009-04-26 14:01:43 . 2006-01-29 23:45:34 0 d-----w C:\Program Files\Java
2009-04-26 13:13:55 . 2009-03-29 01:29:34 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-04-26 06:49:28 . 2009-01-20 01:43:28 0 d-----w C:\Program Files\Starcraft
2009-04-06 21:32:54 . 2009-03-29 01:29:36 38496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-04-06 21:32:46 . 2009-03-29 01:29:39 15504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-03-29 02:05:06 . 2008-12-13 05:18:01 0 d-----w C:\Program Files\Common
2009-03-06 14:00:22 . 2006-01-29 21:54:41 284160 ----a-w C:\WINDOWS\system32\pdh.dll
2009-03-04 22:32:59 . 2008-04-08 22:19:26 0 d-----w C:\Program Files\Microsoft Silverlight
2009-03-03 00:18:25 . 2006-01-29 21:54:48 826368 ----a-w C:\WINDOWS\system32\wininet.dll
2009-02-20 21:10:06 . 2009-01-10 12:46:30 284 ----a-w C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2009-02-20 18:09:38 . 2006-01-29 21:54:38 78336 ----a-w C:\WINDOWS\system32\ieencode.dll
2009-02-09 10:19:34 . 2006-01-29 21:54:48 1846272 ----a-w C:\WINDOWS\system32\win32k.sys
2009-02-09 10:01:53 . 2006-01-29 21:54:41 401408 ----a-w C:\WINDOWS\system32\rpcss.dll
2009-02-09 10:01:53 . 2006-01-29 21:54:39 728576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2009-02-09 10:01:53 . 2006-01-29 21:54:33 617984 ----a-w C:\WINDOWS\system32\advapi32.dll
2009-02-09 10:01:52 . 2006-01-29 21:54:40 715264 ----a-w C:\WINDOWS\system32\ntdll.dll
2009-02-06 10:29:47 . 2006-01-29 21:54:40 2142720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 10:22:21 . 2006-01-29 21:54:41 110592 ----a-w C:\WINDOWS\system32\services.exe
2009-02-06 09:54:17 . 2006-01-29 21:54:41 35328 ----a-w C:\WINDOWS\system32\sc.exe
2009-02-06 09:49:26 . 2004-08-03 22:59:00 2020864 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-03 20:08:52 . 2006-01-29 21:54:41 55808 ----a-w C:\WINDOWS\system32\secur32.dll
.

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:25 PM

Posted 02 May 2009 - 08:00 AM

Prevx does tend to complicate things and it may be hanging up Combofix. How is your computer behaving now? If you are still having the same issues then I would go ahead and uninstall Prevx and then run Combofix again.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 TayOranges

TayOranges
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:25 PM

Posted 08 May 2009 - 05:22 PM

Sorry for the delay. After my anti-virus caught more malicious files they couldn't remove and my internet browsers would always redirect to "shady" websites, I decided just to reformat my computer using a recovery CD that came with it. Although it does say it will start fresh and all data will be lost, do I still need to worry about the pre-existing malicious files on the computer, or would they have been removed when I reformatted?


EDIT: I hope I'm using the right word for reformat.

Edited by TayOranges, 08 May 2009 - 07:19 PM.


#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:25 PM

Posted 09 May 2009 - 01:10 PM

That just depends. Some recovery discs will completely format (erase) your hard drive and then reinstall. If that is the case here, you should be fine.

You should be able to tell easily enough just by trying to reproduce the issues that you were having.


========================================================

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:25 PM

Posted 25 May 2009 - 09:58 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
