google.com/firefox results being redirected


This topic is locked
8 replies to this topic

#1 donttellanyone (Members, 30 posts)

Posted 01 February 2010 - 05:42 AM

The Google search window on the default start page of Firefox displays results that look normal. When I click on them, however, they will usually, but not always, be directed to some other site than the result listed. On about 75% of the results this happens on the first click and (if I am opening the links in another tab) for an additional 2 or 3 clicks before the actual intended site eventually opens on the 4th or 5th click. On about 25% of the results, the intended site will come up on the first click, but if I try again, the results redirect as described above.

The redirection usually goes to an intermediate site before landing on the final site. I could discern no pattern in either the intermediate sites or the final sites. I never noticed the same site appearing twice. Usually the intermediate site looked like some kind of search engine (one was stickyrice.com/search.php) and the final site was some sort of content. The only thing that was "stable" was that the icon on the left side of the tab for the intermediate sites would usually be one of two alternatives: something that looked like a little sphere with latitude/longitude lines on it (or maybe a basketball) or a sort of cursive "Q" or script "2".

In my attempts to thwart this behavior, I first tried complete virus scans with McAfee (which found nothing and which I subsequently removed), and Avast, Prevx, and Malwarebytes (each of which found a few things, but did not stop the behavior). This was all about 6 weeks ago (and I don't have any of the logs from then). I grew frustrated, and when I realized the behavior did not occur if I typed www.google.com into the URL bar and went from there, I gave up for a while.

Since then I had been consistently searching with www.google.com with no hint of the issue. Today, I decided it's unsafe to let the condition persist, especially with e-commerce activity and decided to get to the bottom of it. The behavior was immediately apparent on searching from the firefox start page.

Since I had done (maybe not well) the malware route, I tried everything I could think of relating to firefox itself. I disabled and removed all add-ons (extensions and plug-ins), I deleted the cache and all private information, I disabled javascript, I tried safe mode, I deleted all my information (save for a backup of my bookmarks) through safe mode, I created a new profile, I deleted the install directory and reinstalled, and I renamed the install directory and the executable. I tested for the behavior after each of these and nothing helped.

I then returned to the forums to check the malware route again and found mention that ComboFix could potentially solve the issue. I ran it and it does appear that it might have helped. I searched from the start page and clicked through to 20 or 30 results with no redirects. That being said (and taking the advice on the ComboFix topic here) I wanted to go ahead and post to see if any glaring issues remain.

I have the ComboFix log, but I'm not going to post it unless you ask for it. Here is DDS.txt:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jace at 3:45:53.28 on Mon 02/01/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.318 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hp\ToolBoxFX\bin\HPTLBXFX.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Jace\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox A\firefoxa.exe
C:\Documents and Settings\Jace\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=390-3&installtype=force&systempopup=true
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [eFax 4.1] "c:\program files\efax messenger 4.1\J2GDllCmd.exe" /R
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\jace\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jace\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax41~1.lnk - c:\program files\efax messenger 4.1\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 setuid

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-29 114768]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-29 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-29 138680]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-7-25 18944]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-29 352920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
S2 PEDRV;P&E Microcomputer System PCI Driver.; [x]
S2 VICHW11;P&E BDM Cable Driver II; [x]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-29 254040]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2005-2-2 9344]

=============== Created Last 30 ================

2010-02-01 07:42:59 0 d-sha-r- C:\cmdcons
2010-02-01 07:41:08 98816 ----a-w- c:\windows\sed.exe
2010-02-01 07:41:08 77312 ----a-w- c:\windows\MBR.exe
2010-02-01 07:41:08 261632 ----a-w- c:\windows\PEV.exe
2010-02-01 07:41:08 161792 ----a-w- c:\windows\SWREG.exe
2010-02-01 07:11:13 0 d-----w- c:\program files\Mozilla Firefox A
2010-01-24 00:16:28 0 d-----w- c:\docume~1\jace\applic~1\Dropbox
2010-01-19 20:58:16 0 d-----w- c:\windows\PRIndex
2010-01-19 20:58:16 0 d-----w- c:\docume~1\jace\applic~1\NewspaperDirect
2010-01-19 20:57:59 0 d-----w- c:\program files\NewspaperDirect
2010-01-13 22:49:08 0 d-----w- C:\b325d3a86e61584c73e14c33
2010-01-13 15:54:20 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 01:17:45 0 d-----w- C:\TimezAttack

==================== Find3M ====================

2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll

============= FINISH: 3:46:36.23 ===============
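A small triage script for reading a DDS log like the one above, added here as an example; it is not part of the original post and not part of the DDS tool itself. It splits the log into its "=== NAME ===" sections, parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats, and pulls out the entries a malware-response reviewer checks first: registry entries whose file is gone ("No File"), services or drivers registered with no binary on disk ("[x]"), ActiveX download (DPF) locations, and any LSA authentication package beyond the Windows default msv1_0. The flagging rules are reviewer heuristics (an assumption), not a verdict on this machine: the script only says what to look at, so the "setuid" package on the LSA line is reported for review, not judged. The sample input is an excerpt of the log posted above, embedded so the script runs offline.

```python
"""Triage helper for the DDS log format (Pseudo HJT Report and SERVICES /
DRIVERS sections). Added example for this page; it is not part of the
original post and not part of the DDS tool. The flagging rules are
reviewer heuristics (an assumption), not a verdict on the machine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the DDS log posted above, embedded here as the sample input.
# "hxxp" is DDS's defanging of "http" and is kept as-is.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
LSA: Authentication Packages = msv1_0 setuid

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
S2 PEDRV;P&E Microcomputer System PCI Driver.; [x]
"""

# DDS service/driver line: "<start> <name>;<display name>;<path> [<date size>]"
# A missing binary shows up as an empty path with "[x]" in place of date/size.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*)(?:\[(?P<meta>[^\]]*)\])?\s*$"
)

# Windows' default LSA authentication package; anything else is worth a look.
DEFAULT_LSA_PACKAGES = {"msv1_0"}


@dataclass
class Finding:
    kind: str    # category a reviewer sorts by
    detail: str  # the offending line or the extracted value


def section_lines(log: str) -> dict[str, list[str]]:
    """Split a DDS log into its '=== NAME ===' sections (blank lines dropped)."""
    sections: dict[str, list[str]] = {}
    current = "HEADER"
    for raw in log.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"=+\s*(.+?)\s*=+", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def triage(log: str) -> list[Finding]:
    """Return the entries a malware-response reviewer would check first."""
    findings: list[Finding] = []
    secs = section_lines(log)

    for line in secs.get("Pseudo HJT Report", []):
        if line.endswith("No File"):
            # Registry entry whose file is gone: leftover of an uninstall or a cleanup.
            findings.append(Finding("orphaned-entry", line))
        elif line.startswith("DPF:") and "hxxp" in line:
            # ActiveX download location; the host should be one the user recognises.
            findings.append(Finding("remote-activex", line.split(" - ", 1)[1]))
        elif line.startswith("LSA: Authentication Packages"):
            packages = line.split("=", 1)[1].split()
            extra = [p for p in packages if p.lower() not in DEFAULT_LSA_PACKAGES]
            if extra:
                # Extra packages are loaded by lsass at logon; review each by name.
                findings.append(Finding("lsa-extra-package", " ".join(extra)))

    for line in secs.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and (m.group("meta") == "x" or not m.group("path").strip()):
            # Registered service/driver with no binary on disk.
            findings.append(Finding("service-missing-file", m.group("name")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.detail}")
```

Run against the full log the same way (read the file, pass its text to triage). The point of the section split is that DDS reuses the same "key - value" shape in several sections, so rules are applied only where they mean something: a "No File" toolbar entry is an orphan, while "[x]" in the services section is a registered driver with nothing behind it.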


#2 Blind Faith (Malware Response Team, 4,101 posts)

Posted 08 February 2010 - 12:29 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

Elle

If I haven't replied in 48 hours, please feel free to send me a PM.


#3 donttellanyone (Topic Starter, Members, 30 posts)

Posted 12 February 2010 - 10:31 AM

Thank you Elle.

The symptoms have not recurred since the steps described in the OP, so I'm hoping I'm in the clear. Here is the new DDS log (inline) and the DDS and GMER attachments (attached) you requested:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jace at 0:03:00.45 on Fri 02/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.465 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 100211-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hp\ToolBoxFX\bin\HPTLBXFX.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Jace\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox A\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jace\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=390-3&installtype=force&systempopup=true
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [eFax 4.1] "c:\program files\efax messenger 4.1\J2GDllCmd.exe" /R
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\jace\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\jace\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax41~1.lnk - c:\program files\efax messenger 4.1\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 setuid

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jace\applic~1\mozilla\firefox\profiles\82fn6xse.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\jace\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox a\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox a\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox a\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox a\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox a\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox a\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox a\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox a\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox a\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox a\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox a\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox a\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox a\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox a\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox a\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox a\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox a\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox a\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox a\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox a\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox a\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox a\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-29 114768]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-29 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-29 138680]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-7-25 18944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
S2 PEDRV;P&E Microcomputer System PCI Driver.; [x]
S2 VICHW11;P&E BDM Cable Driver II; [x]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-29 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-29 352920]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2005-2-2 9344]

=============== Created Last 30 ================

2010-02-11 02:13:04 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-02-11 02:13:04 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2010-02-04 16:02:31 0 d-----w- c:\program files\iPod
2010-02-04 16:02:02 0 d-----w- c:\program files\iTunes
2010-02-04 15:58:30 0 d-----w- c:\program files\Bonjour
2010-02-01 07:42:59 0 d-sha-r- C:\cmdcons
2010-02-01 07:41:08 98816 ----a-w- c:\windows\sed.exe
2010-02-01 07:41:08 77312 ----a-w- c:\windows\MBR.exe
2010-02-01 07:41:08 261632 ----a-w- c:\windows\PEV.exe
2010-02-01 07:41:08 161792 ----a-w- c:\windows\SWREG.exe
2010-02-01 07:11:13 0 d-----w- c:\program files\Mozilla Firefox A
2010-01-24 00:16:28 0 d-----w- c:\docume~1\jace\applic~1\Dropbox
2010-01-19 20:58:16 0 d-----w- c:\windows\PRIndex
2010-01-19 20:58:16 0 d-----w- c:\docume~1\jace\applic~1\NewspaperDirect
2010-01-19 20:57:59 0 d-----w- c:\program files\NewspaperDirect
2010-01-13 22:49:08 0 d-----w- C:\b325d3a86e61584c73e14c33
2010-01-13 15:54:20 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 0:03:50.55 ===============


#4 thcbytes (Malware Response Team)

Posted 13 February 2010 - 10:48 AM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Please post the Combofix.txt log for my review.

==========
  • Click on Start, then Run.
  • Copy and Paste the green bold text below in to the Run Box:

cmd /c dir /a /s C:\QooBox >log.txt&start log.txt

  • Then click on OK.
  • A Text File will open up, please Copy and Paste the contents in your next reply.

==========

With your next post please provide:

* Combofix.txt
* Qoobox log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 donttellanyone (Topic Starter)

Posted 14 February 2010 - 02:17 PM

Hi thcbytes, thanks so much for your help.

ComboFix 10-01-31.03 - Jace 02/01/2010 1:53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.542 [GMT -6:00]
Running from: c:\documents and settings\Jace\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DelUS.bat
c:\documents and settings\Jace\Local Settings\Temporary Internet Files\udRemove.exe
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\win.ini

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-02-01 07:11 . 2010-02-01 07:21 -------- d-----w- c:\program files\Mozilla Firefox A
2010-01-24 00:16 . 2010-02-01 06:24 -------- d-----w- c:\documents and settings\Jace\Application Data\Dropbox
2010-01-21 21:20 . 2010-02-01 05:48 -------- d-----w- c:\documents and settings\Jace\Local Settings\Application Data\Yahoo!
2010-01-19 21:06 . 2010-01-28 05:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-01-19 20:58 . 2010-01-19 20:58 -------- d-----w- c:\windows\PRIndex
2010-01-19 20:58 . 2010-01-19 20:58 -------- d-----w- c:\documents and settings\Jace\Application Data\NewspaperDirect
2010-01-19 20:57 . 2010-01-19 20:57 -------- d-----w- c:\program files\NewspaperDirect
2010-01-13 22:49 . 2010-01-13 22:49 -------- d-----w- C:\b325d3a86e61584c73e14c33
2010-01-13 15:54 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 01:17 . 2010-01-12 01:18 -------- d-----w- C:\TimezAttack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 06:22 . 2006-02-27 23:15 -------- d-----w- c:\program files\DivX
2010-02-01 06:15 . 2008-10-07 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-31 20:48 . 2008-07-18 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-24 00:35 . 2008-07-23 19:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 00:25 . 2007-01-19 06:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 17:02 . 2006-01-27 22:02 105704 ----a-w- c:\documents and settings\Jace\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-22 15:44 . 2008-12-16 03:02 -------- d-----w- c:\program files\ATTToolbar
2010-01-22 15:32 . 2006-01-27 20:47 -------- d-----w- c:\program files\Symantec
2010-01-22 15:31 . 2006-01-27 21:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-22 14:10 . 2006-08-06 21:36 -------- d-----w- c:\documents and settings\Jace\Application Data\Apple Computer
2010-01-22 14:08 . 2007-07-26 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-05 10:00 . 2005-11-05 01:17 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-11-05 01:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-11-05 01:16 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-04 17:09 . 2005-11-05 04:27 -------- d-----w- c:\program files\Common Files\AOL
2010-01-04 17:09 . 2005-11-05 04:28 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-12-29 08:14 . 2005-11-08 22:26 -------- d-----w- c:\program files\Google
2009-12-16 21:40 . 2009-12-16 21:40 -------- d-----w- c:\program files\Zone Five Software
2009-12-16 21:40 . 2009-12-16 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoneFiveSoftware
2009-12-16 20:52 . 2009-12-16 20:52 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-12-10 05:43 . 2009-10-27 15:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-24 23:54 . 2009-10-29 19:46 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-29 19:47 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-29 19:47 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-29 19:47 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-29 19:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-29 19:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2005-11-05 01:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 12:30 . 2006-09-30 19:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-24 352256]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-15 761947]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"eFax 4.1"="c:\program files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-16 107008]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960]
"ToolBoxFX"="c:\program files\hp\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-07-18 1306624]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Jace\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jace\Application Data\Dropbox\bin\Dropbox.exe [2009-12-30 21968784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.1.lnk - c:\program files\eFax Messenger 4.1\J2GTray.exe [2006-3-3 513024]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-23 06:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-09 20:30 133104 ----atw- c:\documents and settings\Jace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2007-08-23 10:58 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 02:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-23 17:43 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-18 19:10 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\eclipse3p3\\eclipse\\eclipse.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\documents and settings\Jace\Application Data\Facebook\facebook.exe"= c:\documents and settings\Jace\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\cygwin\\bin\\XWin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jace\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 3:33 AM 138780]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/29/2009 1:47 PM 114768]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 4:13 AM 46779]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/29/2009 1:47 PM 20560]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [7/25/2008 12:34 PM 18944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 9:05 PM 135664]
S2 PEDRV;P&E Microcomputer System PCI Driver.; [x]
S2 VICHW11;P&E BDM Cable Driver II; [x]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2/2/2005 5:29 PM 9344]
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-18 18:35]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 03:04]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 03:04]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1501211371-2371496142-710079751-1006Core.job
- c:\documents and settings\Jace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 20:30]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1501211371-2371496142-710079751-1006UA.job
- c:\documents and settings\Jace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 20:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=390-3&installtype=force&systempopup=true
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SafeBoot-MCODS
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
MSConfigStartUp-PlaxoSysTray - c:\program files\Plaxo\3.23.0.11\PlaxoSysTray.exe
MSConfigStartUp-PlaxoUpdate - c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 02:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%º*S%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%º*S%\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C41065E-C54D-1619-CD75-84AB8F324046}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oafojnpoeiabamlkfclaalpclfokep"=hex:64,61,66,65,6a,64,68,66,00,90
"oablboklggbjlmajhdojpmknoaggnh"=hex:6b,61,69,64,61,65,6c,63,65,70,69,70,63,68,
6e,64,69,6e,6b,6f,6d,67,00,00
"nahohndlgjecifjmmjchhdlalhdc"=hex:6b,61,69,64,61,65,6c,63,65,70,69,70,63,68,
6e,64,69,6e,6b,6f,6d,67,00,00

[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C26A2B4-5A31-5084-25C4-CFBCB9007720}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahfbgbcdjgafgmokm"=hex:6a,61,67,63,67,6a,62,6a,6a,67,6f,62,62,62,68,6f,64,6c,
66,68,00,f2
"habgbaoigkhpjocm"=hex:6a,61,67,63,67,6a,62,6a,6a,67,6f,62,62,62,68,6f,64,6c,
66,68,00,f2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1132)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\setuid.dll

- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\System32\GEARSec.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\WebUpdateSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-01 02:20:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 08:20

Pre-Run: 54,089,109,504 bytes free
Post-Run: 55,389,593,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Visual FoxPro" /noexecute=optin /fastdetect /maxmem=500

Current=1 Default=1 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5B8A6103D828D794236FC731B6CF0D81




Volume in drive C is main drive
Volume Serial Number is 585A-B84C

Directory of C:\QooBox

02/01/2010 02:20 AM <DIR> .
02/01/2010 02:20 AM <DIR> ..
02/01/2010 02:19 AM 10,564 Add-Remove Programs.txt
02/01/2010 01:42 AM <DIR> BackEnv
02/01/2010 02:20 AM 2,223 ComboFix-quarantined-files.txt
02/01/2010 01:49 AM <DIR> Quarantine
02/01/2010 02:19 AM 0 SnapShot@2010-02-01_08.09.08.dat
3 File(s) 12,787 bytes

Directory of C:\QooBox\BackEnv

02/01/2010 01:42 AM <DIR> .
02/01/2010 01:42 AM <DIR> ..
02/01/2010 01:42 AM 449 appdata.folder.dat
02/01/2010 01:42 AM 470 cache.folder.dat
02/01/2010 01:42 AM 278 Cookies.folder.dat
02/01/2010 01:42 AM 231 desktop.folder.dat
02/01/2010 01:42 AM 233 favorites.folder.dat
02/01/2010 01:42 AM 422 localappdata.folder.dat
02/01/2010 01:42 AM 379 localsettings.folder.dat
02/01/2010 01:42 AM 246 mypictures.folder.dat
02/01/2010 01:42 AM 198 personal.folder.dat
02/01/2010 01:41 AM 337 Profiles.Folder.dat
02/01/2010 01:42 AM 569 Profiles.Folder.folder.dat
02/01/2010 01:42 AM 283 programs.folder.dat
02/01/2010 01:41 AM 5,583 SetPath.bat
02/01/2010 01:42 AM 238 startmenu.folder.dat
02/01/2010 01:42 AM 323 startup.folder.dat
02/01/2010 01:41 AM 1,870 SysPath.dat
02/01/2010 01:42 AM 233 templates.folder.dat
17 File(s) 12,342 bytes

Directory of C:\QooBox\Quarantine

02/01/2010 01:49 AM <DIR> .
02/01/2010 01:49 AM <DIR> ..
02/01/2010 02:03 AM <DIR> C
02/01/2010 01:52 AM 153 catchme.log
02/01/2010 02:19 AM <DIR> Registry_backups
1 File(s) 153 bytes

Directory of C:\QooBox\Quarantine\C

02/01/2010 02:03 AM <DIR> .
02/01/2010 02:03 AM <DIR> ..
01/28/2006 02:46 AM 157 DelUS.bat.vir
02/01/2010 02:03 AM <DIR> Documents and Settings
02/01/2010 01:49 AM <DIR> WINDOWS
1 File(s) 157 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings

02/01/2010 02:03 AM <DIR> .
02/01/2010 02:03 AM <DIR> ..
02/01/2010 02:03 AM <DIR> Jace
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Jace

02/01/2010 02:03 AM <DIR> .
02/01/2010 02:03 AM <DIR> ..
02/01/2010 02:03 AM <DIR> Local Settings
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Jace\Local Settings

02/01/2010 02:03 AM <DIR> .
02/01/2010 02:03 AM <DIR> ..
02/01/2010 02:03 AM <DIR> Temporary Internet Files
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Jace\Local Settings\Temporary Internet Files

02/01/2010 02:03 AM <DIR> .
02/01/2010 02:03 AM <DIR> ..
12/29/2009 02:58 PM 285,720 udRemove.exe.vir
1 File(s) 285,720 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS

02/01/2010 01:49 AM <DIR> .
02/01/2010 01:49 AM <DIR> ..
02/01/2010 02:03 AM <DIR> system32
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32

02/01/2010 02:03 AM <DIR> .
02/01/2010 02:03 AM <DIR> ..
02/01/2010 01:49 AM <DIR> drivers
02/19/2006 10:41 PM 0 WIN.INI.vir
1 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\drivers

02/01/2010 01:49 AM <DIR> .
02/01/2010 01:49 AM <DIR> ..
04/13/2008 12:40 PM 96,512 atapi.sys.vir
1 File(s) 96,512 bytes

Directory of C:\QooBox\Quarantine\Registry_backups

02/01/2010 02:19 AM <DIR> .
02/01/2010 02:19 AM <DIR> ..
02/01/2010 02:19 AM 198 HKLM-Run-Malwarebytes Anti-Malware (reboot).reg.dat
02/01/2010 02:19 AM 622 MSConfigStartUp-Aim6.reg.dat
02/01/2010 02:19 AM 716 MSConfigStartUp-AppleSyncNotifier.reg.dat
02/01/2010 02:19 AM 656 MSConfigStartUp-BitTorrent.reg.dat
02/01/2010 02:19 AM 708 MSConfigStartUp-MsgCenterExe.reg.dat
02/01/2010 02:19 AM 624 MSConfigStartUp-PlaxoSysTray.reg.dat
02/01/2010 02:19 AM 636 MSConfigStartUp-PlaxoUpdate.reg.dat
02/01/2010 02:19 AM 712 MSConfigStartUp-updateMgr.reg.dat
02/01/2010 02:19 AM 534 SafeBoot-MCODS.reg.dat
02/01/2010 02:02 AM 11,468 tcpip.reg
02/01/2010 02:19 AM 171 WebBrowser-{E1BACF55-35E1-4E47-9247-2D48660E5545}.reg.dat
11 File(s) 17,045 bytes

Total Files Listed:
36 File(s) 424,716 bytes
35 Dir(s) 52,845,465,600 bytes free


Thank you again!!

#6 thcbytes (Malware Response Team)

Posted 14 February 2010 - 06:28 PM

Not too bad.

You had an infected System File though.


Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
RegLock::
[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%º*S%]
[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%º*S%\OpenWithList]

Regnull::
[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C41065E-C54D-1619-CD75-84AB8F324046}*]
[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C26A2B4-5A31-5084-25C4-CFBCB9007720}*]

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

With your next post please provide:

* Combofix.txt
* MBAM log
* ESET log
* OTL.txt
* Extra.txt
* How is your computer running now?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
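The /md5start ... /md5stop block in the OTL script above asks for hashes of a fixed list of storage drivers and logon DLLs so that a patched system file (here atapi.sys, which ComboFix quarantined and ESET later identified as Win32/Olmarik) can be spotted by comparing the live copy against a reference. The following is an added example and not code from OTL, ComboFix or the helper: a Python routine that hashes each listed name in a live directory and compares it with the copy in a dllcache directory (on this XP machine the live directories would be C:\WINDOWS\system32 and C:\WINDOWS\system32\drivers, the protected copies C:\WINDOWS\system32\dllcache). The function names, the directory arguments and the sample file contents are constructed for the demonstration.

```python
"""Compare MD5 hashes of listed system files against their dllcache copies.

Added example for this thread; not code from OTL, ComboFix or the helper.
The name list is the /md5start ... /md5stop block from the OTL script.
Directory paths are parameters so the logic can be run offline on a
constructed sample tree.
"""
import hashlib
import os
import shutil
import tempfile

# Names taken verbatim from the OTL script's /md5start block. On a real XP
# box the DLLs live in system32 and the .sys files in system32\drivers, so
# compare_files() would be run once per directory.
MD5_TARGETS = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys",
    "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys",
    "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys",
    "ahcix86s.sys",
]


def md5_of(path):
    """Return the hex MD5 digest of a file, read in 64 KiB chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_files(live_dir, dllcache_dir, names=MD5_TARGETS):
    """Hash each named file in live_dir and its protected copy in dllcache_dir.

    Returns a dict name -> status:
      "match"     both copies exist and hash the same
      "MISMATCH"  both exist but differ (the live copy may be patched)
      "no-cache"  live file exists, no protected copy to compare with
      "absent"    neither copy exists (normal: the list spans many vendors)
    """
    results = {}
    for name in names:
        live = os.path.join(live_dir, name)
        cache = os.path.join(dllcache_dir, name)
        if not os.path.exists(live):
            results[name] = "absent"
        elif not os.path.exists(cache):
            results[name] = "no-cache"
        elif md5_of(live) == md5_of(cache):
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def suspicious(results):
    """Sorted names whose live copy differs from the protected copy."""
    return sorted(n for n, s in results.items() if s == "MISMATCH")


def build_sample_tree():
    """Constructed stand-in for system32\\drivers and system32\\dllcache.

    Contents are made up: scecli.dll identical in both places, atapi.sys
    whose live copy has bytes appended (standing in for the patched driver
    quarantined in this thread), and nvstor.sys with no protected copy.
    """
    root = tempfile.mkdtemp(prefix="drvcheck_")
    live = os.path.join(root, "drivers")
    cache = os.path.join(root, "dllcache")
    os.makedirs(live)
    os.makedirs(cache)
    clean_atapi = b"MZ clean atapi (constructed)"
    for d in (live, cache):
        with open(os.path.join(d, "scecli.dll"), "wb") as f:
            f.write(b"MZ scecli (constructed)")
    with open(os.path.join(cache, "atapi.sys"), "wb") as f:
        f.write(clean_atapi)
    with open(os.path.join(live, "atapi.sys"), "wb") as f:
        f.write(clean_atapi + b"\x90\x90 appended bytes (constructed)")
    with open(os.path.join(live, "nvstor.sys"), "wb") as f:
        f.write(b"MZ nvstor (constructed)")
    return root, live, cache


def demo():
    """Run the comparison over the constructed tree and clean it up."""
    root, live, cache = build_sample_tree()
    try:
        return compare_files(live, cache)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        if status != "absent":
            print(f"{status:9} {name}")
```

A mismatch is strong evidence of tampering, but a match obtained from inside the running system is weaker: a kernel-mode rootkit that filters disk reads can hand back the clean bytes, which is why such checks are more trustworthy when run from offline boot media.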

#7 donttellanyone

donttellanyone
  • Topic Starter

  • Members
  • 30 posts
  • Local time:12:26 PM

Posted 15 February 2010 - 01:33 AM

hi. got it all done with only 2 hiccups: 1) my copy of combofix had expired so i downloaded it again and 2) i did not actually read the whole JRE license agreement before i checked "accept license agreement" (shh!)

my computer is running well. no more hijacking and it seems faster than before, though maybe not quite as fast as for the first year or so after i got it.

========

ComboFix 10-02-12.01 - Jace 02/14/2010 19:24:57.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.577 [GMT -6:00]
Running from: c:\documents and settings\Jace\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jace\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100214-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint

.
((((((((((((((((((((((((( Files Created from 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-11 02:13 . 2008-04-13 19:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-02-11 02:13 . 2008-04-13 19:45 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2010-02-04 16:02 . 2010-02-04 16:02 -------- d-----w- c:\program files\iPod
2010-02-04 16:02 . 2010-02-04 16:03 -------- d-----w- c:\program files\iTunes
2010-02-04 15:58 . 2010-02-04 15:58 -------- d-----w- c:\program files\Bonjour
2010-02-04 15:57 . 2010-02-04 15:57 -------- d-----w- c:\program files\QuickTime
2010-02-04 15:49 . 2010-02-04 15:49 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-01 07:11 . 2010-02-12 16:42 -------- d-----w- c:\program files\Mozilla Firefox A
2010-01-24 00:16 . 2010-01-24 00:16 89854 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\Uninstall.exe
2010-01-24 00:16 . 2010-02-14 23:36 -------- d-----w- c:\documents and settings\Jace\Application Data\Dropbox
2010-01-21 21:20 . 2010-02-01 05:48 -------- d-----w- c:\documents and settings\Jace\Local Settings\Application Data\Yahoo!
2010-01-19 21:06 . 2010-01-28 05:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-01-19 20:58 . 2010-01-19 20:58 -------- d-----w- c:\windows\PRIndex
2010-01-19 20:58 . 2010-01-19 20:58 -------- d-----w- c:\documents and settings\Jace\Application Data\NewspaperDirect
2010-01-19 20:57 . 2010-01-19 20:57 -------- d-----w- c:\program files\NewspaperDirect

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 15:58 . 2008-07-18 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-12 20:09 . 2008-02-08 22:34 256 ----a-w- c:\windows\system32\pool.bin
2010-02-08 15:40 . 2005-11-08 22:26 -------- d-----w- c:\program files\Google
2010-02-04 16:02 . 2007-07-27 19:52 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 20:37 . 2006-01-27 22:02 76352 ----a-w- c:\documents and settings\Jace\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 06:22 . 2006-02-27 23:15 -------- d-----w- c:\program files\DivX
2010-01-24 00:35 . 2008-07-23 19:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 00:25 . 2007-01-19 06:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 15:44 . 2008-12-16 03:02 -------- d-----w- c:\program files\ATTToolbar
2010-01-22 15:32 . 2006-01-27 20:47 -------- d-----w- c:\program files\Symantec
2010-01-22 15:31 . 2006-01-27 21:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-22 14:10 . 2006-08-06 21:36 -------- d-----w- c:\documents and settings\Jace\Application Data\Apple Computer
2010-01-22 14:08 . 2007-07-26 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-05 10:00 . 2005-11-05 01:17 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-11-05 01:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-11-05 01:16 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-04 17:09 . 2005-11-05 04:27 -------- d-----w- c:\program files\Common Files\AOL
2010-01-04 17:09 . 2005-11-05 04:28 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-12-31 16:50 . 2005-11-05 01:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 00:48 . 2009-12-31 00:48 21968784 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\Dropbox.exe
2009-12-16 18:43 . 2005-11-05 02:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2005-11-05 01:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 01:19 . 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll
2009-12-08 19:27 . 2005-11-05 01:16 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-11-05 01:16 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2005-11-05 01:16 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2005-11-05 01:16 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2005-11-05 01:16 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2005-11-05 01:16 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2009-10-29 19:46 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-29 19:47 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-29 19:47 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-29 19:47 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-29 19:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-29 19:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2005-11-05 01:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-24 352256]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-15 761947]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"eFax 4.1"="c:\program files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-16 107008]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960]
"ToolBoxFX"="c:\program files\hp\ToolBoxFX\bin\HPTLBXFX.exe" [2006-02-02 45056]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-07-18 1306624]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\Jace\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jace\Application Data\Dropbox\bin\Dropbox.exe [2009-12-30 21968784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.1.lnk - c:\program files\eFax Messenger 4.1\J2GTray.exe [2006-3-3 513024]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-23 06:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-09 20:30 133104 ----atw- c:\documents and settings\Jace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2007-08-23 10:58 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 01:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-23 17:43 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-18 19:10 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\eclipse3p3\\eclipse\\eclipse.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\documents and settings\Jace\Application Data\Facebook\facebook.exe"= c:\documents and settings\Jace\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\cygwin\\bin\\XWin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Jace\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 3:33 AM 138780]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/29/2009 1:47 PM 114768]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 4:13 AM 46779]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/29/2009 1:47 PM 20560]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [7/25/2008 12:34 PM 18944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 9:05 PM 135664]
S2 PEDRV;P&E Microcomputer System PCI Driver.; [x]
S2 VICHW11;P&E BDM Cable Driver II; [x]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2/2/2005 5:29 PM 9344]
.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-02-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-18 18:35]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 03:04]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 03:04]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1501211371-2371496142-710079751-1006Core.job
- c:\documents and settings\Jace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 20:30]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1501211371-2371496142-710079751-1006UA.job
- c:\documents and settings\Jace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 20:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=390-3&installtype=force&systempopup=true
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jace\Application Data\Mozilla\Firefox\Profiles\82fn6xse.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Jace\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox A\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox A\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox A\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox A\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox A\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%º*S%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%º*S%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1132)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1188)
c:\windows\system32\setuid.dll

- - - - - - - > 'explorer.exe'(2660)
c:\windows\system32\WININET.dll
c:\documents and settings\Jace\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-02-14 19:38:43
ComboFix-quarantined-files.txt 2010-02-15 01:38

Pre-Run: 53,203,025,920 bytes free
Post-Run: 53,397,483,520 bytes free

Current=1 Default=1 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 31AE2ABD5F0829FDCC16C53AA410D2D0

=============

Malwarebytes' Anti-Malware 1.44
Database version: 3739
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/14/2010 8:30:10 PM
mbam-log-2010-02-14 (20-30-10).txt

Scan type: Quick Scan
Objects scanned: 150072
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

============
ESET log:

C:\Documents and Settings\Jace\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-6d62d38d multiple threats deleted - quarantined
C:\Documents and Settings\Jace\Application Data\Sun\Java\Deployment\cache\6.0\3\40417403-3e1fed20 multiple threats deleted - quarantined
C:\Documents and Settings\Jace\Application Data\Sun\Java\Deployment\cache\6.0\37\301cb0e5-18590430 multiple threats deleted - quarantined
C:\Documents and Settings\Jace\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-5763d986 multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus deleted - quarantined

=============

OTL logfile created on: 2/15/2010 12:00:56 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Jace\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 248.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 49.76 Gb Free Space | 44.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TUNGSTEN
Current User Name: Jace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/14 23:59:11 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jace\Desktop\OTL.exe
PRC - [2010/02/14 20:10:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/15 21:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox A\firefox.exe
PRC - [2009/12/30 18:48:44 | 021,968,784 | ---- | M] () -- C:\Documents and Settings\Jace\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/23 08:45:29 | 000,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/07/25 12:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2008/07/18 13:10:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/07/18 12:08:22 | 001,306,624 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/18 20:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/02/06 12:54:54 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2006/02/02 08:12:30 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005/12/22 17:37:26 | 000,266,240 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc.exe
PRC - [2005/12/16 17:59:11 | 000,107,008 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
PRC - [2005/12/16 17:58:55 | 000,513,024 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.1\J2GTray.exe
PRC - [2005/11/23 18:32:12 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/11/15 17:54:34 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/15 17:45:20 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/11/10 13:14:06 | 015,473,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005/11/10 12:24:50 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/10/15 08:29:08 | 000,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\agrsmmsg.exe
PRC - [2005/08/10 12:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/08/06 04:18:38 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/08/01 06:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/23 00:47:12 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/07/23 00:46:52 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/07/23 00:43:46 | 000,372,809 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/07/23 00:41:58 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2005/07/23 00:40:54 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/07/23 00:40:16 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/06/08 12:03:08 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/06/08 12:02:22 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2005/06/08 11:59:06 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/05/31 23:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 22:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/25 17:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/07/29 04:41:08 | 001,122,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
PRC - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (SafeList) ==========

MOD - [2010/02/14 23:59:11 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jace\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (CarboniteService)
SRV - [2010/02/14 20:10:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/28 21:04:59 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 12:35:42 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/23 08:45:29 | 000,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/07/25 12:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/04/23 11:43:54 | 000,310,008 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/04/23 11:43:54 | 000,166,648 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/04/23 11:43:46 | 001,010,424 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/04/22 20:29:34 | 000,088,824 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/04/22 20:29:32 | 000,359,160 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/05 14:19:26 | 000,058,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\CVSNT\cvslock.exe -- (cvslock)
SRV - [2006/07/05 14:19:26 | 000,037,888 | ---- | M] (March Hare Software Ltd) [On_Demand | Stopped] -- C:\Program Files\CVSNT\cvsservice.exe -- (cvsnt)
SRV - [2006/02/06 12:54:54 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2005/12/22 17:37:26 | 000,266,240 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc.exe -- (WebUpdate)
SRV - [2005/08/10 12:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/23 00:43:46 | 000,372,809 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/07/23 00:40:54 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/07/23 00:40:16 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 17:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/15 04:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 04:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 04:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/29 15:00:35 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2009/04/17 15:48:14 | 000,009,344 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2008/09/23 08:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 08:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:45:38 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2008/04/13 12:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 12:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 12:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/23 03:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/18 10:24:58 | 000,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/07 19:02:04 | 000,022,272 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2006/02/06 12:54:51 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2006/01/29 17:34:58 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/01/29 17:34:58 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/01/27 13:01:33 | 000,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/11/15 18:40:24 | 000,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 17:41:12 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/15 11:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 18:44:12 | 004,064,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/28 11:01:28 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/10/28 11:01:28 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/21 18:52:48 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/09/21 00:22:38 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/09/19 10:41:00 | 000,241,280 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/25 14:23:20 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/23 22:12:30 | 000,062,080 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/19 19:22:02 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/08/19 05:47:04 | 000,107,904 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/08/01 18:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/08/01 06:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 06:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 06:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 06:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 06:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 06:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 06:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 04:30:00 | 000,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/23 01:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/19 22:14:02 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/07/11 20:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/07/07 10:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 10:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 06:10:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/28 10:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/06/23 11:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/20 22:30:46 | 000,044,288 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/06/08 12:27:04 | 001,050,140 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/04/06 11:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/03/02 10:45:24 | 000,004,864 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/02/02 17:29:28 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2005/01/12 02:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/01/06 15:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/07/29 04:13:28 | 000,046,779 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2004/07/29 03:33:08 | 000,138,780 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PQV2i.sys -- (PQV2i)
DRV - [2004/05/17 17:18:26 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 01:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [1997/10/04 20:33:26 | 000,000,181 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GIVEIO.TXT -- (GIVEIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox A\components [2010/02/04 09:57:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox A\plugins [2010/02/14 20:10:44 | 000,000,000 | ---D | M]

[2009/07/15 11:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Mozilla\Extensions
[2009/07/15 11:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Mozilla\Extensions\contact@callgraph.in
[2010/02/14 20:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Mozilla\Firefox\Profiles\82fn6xse.default\extensions
[2010/02/09 10:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jace\Application Data\Mozilla\Firefox\Profiles\82fn6xse.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/02/01 05:04:26 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Jace\Application Data\Mozilla\Firefox\Profiles\82fn6xse.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/02/01 01:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Mozilla\Firefox\Profiles\nhhr1p1f.new\extensions
[2010/02/01 01:21:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jace\Application Data\Mozilla\Firefox\Profiles\nhhr1p1f.new\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/06 15:04:55 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Jace\Application Data\Mozilla\Firefox\Profiles\82fn6xse.default\searchplugins\siteadvisor.xml

O1 HOSTS File: ([2010/02/01 02:08:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\agrsmmsg.exe (Agere Systems)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [eFax 4.1] C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\hp\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Jace\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jace\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-1501211371-2371496142-710079751-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jace\My Documents\My Pictures\phone pictures\lookin fly.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jace\My Documents\My Pictures\phone pictures\lookin fly.bmp
O30 - LSA: Authentication Packages - (setuid) - C:\WINDOWS\System32\setuid.dll (March-Hare Software Ltd)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/04 20:41:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/04 20:40:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Jace\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: gStart - hkey= - key= - C:\Garmin\gStart.exe (GARMIN Corp.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/14 23:59:11 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jace\Desktop\OTL.exe
[2010/02/14 20:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/14 20:18:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/14 20:18:00 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/14 20:15:28 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jace\Desktop\mbam-setup.exe
[2010/02/14 20:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/14 20:10:44 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/14 20:10:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/14 20:10:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/14 20:10:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/14 20:10:44 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/14 19:45:09 | 016,254,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jace\Desktop\jre-6u18-windows-i586.exe
[2010/02/14 19:23:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/14 19:23:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/14 19:23:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/14 19:23:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/14 19:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jace\Desktop\malware fix 2
[2010/02/11 23:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jace\My Documents\voicemails
[2010/02/10 20:13:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wceusbsh.sys
[2010/02/10 20:13:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2010/02/04 10:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/04 10:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/04 09:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/04 09:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/01 05:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jace\Desktop\malware fix 1
[2010/02/01 01:42:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/01 01:39:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/01 01:32:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/01 01:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox A
[2010/01/27 23:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/01/24 08:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/23 18:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/01/23 18:18:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jace\My Documents\My Dropbox
[2010/01/23 18:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jace\Application Data\Dropbox
[2010/01/21 15:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jace\Local Settings\Application Data\Yahoo!
[2010/01/19 15:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/01/19 14:58:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRIndex
[2010/01/19 14:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jace\Application Data\NewspaperDirect
[2010/01/19 14:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\NewspaperDirect
[2009/12/28 21:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/29 18:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2008/03/06 14:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/07/27 09:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/02/20 17:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/01/03 21:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/06/21 13:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/11/04 21:18:28 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2005/11/04 20:40:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/11/04 20:40:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[524 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/14 23:59:11 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jace\Desktop\OTL.exe
[2010/02/14 23:25:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1501211371-2371496142-710079751-1006UA.job
[2010/02/14 23:10:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/14 21:10:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/14 20:33:10 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\esetsmartinstaller_enu.exe
[2010/02/14 20:18:08 | 012,582,912 | -H-- | M] () -- C:\Documents and Settings\Jace\NTUSER.DAT
[2010/02/14 20:18:05 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 20:15:38 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jace\Desktop\mbam-setup.exe
[2010/02/14 20:10:23 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/14 20:10:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/14 20:10:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/14 20:10:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/14 20:10:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/14 20:04:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/14 20:04:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/14 20:04:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/14 20:03:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/14 20:03:58 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/14 20:02:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jace\ntuser.ini
[2010/02/14 19:46:23 | 016,254,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jace\Desktop\jre-6u18-windows-i586.exe
[2010/02/14 19:34:28 | 000,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/14 19:22:12 | 003,857,112 | R--- | M] () -- C:\Documents and Settings\Jace\Desktop\ComboFix.exe
[2010/02/14 12:12:09 | 000,603,039 | ---- | M] () -- C:\Documents and Settings\Jace\My Documents\20091001 hjh peanut butter and jelly sandwich.pdf
[2010/02/14 10:34:05 | 000,583,888 | ---- | M] () -- C:\Documents and Settings\Jace\My Documents\20090929 hjh ice cream sundae.pdf
[2010/02/12 14:09:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/12 02:25:06 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1501211371-2371496142-710079751-1006Core.job
[2010/02/12 00:09:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jace\defogger_reenable
[2010/02/11 22:37:57 | 000,230,994 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\20091130 hjh spelling.jpg
[2010/02/11 09:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/10 16:47:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 14:33:10 | 000,173,982 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\dancer.jpg
[2010/02/08 09:41:39 | 000,001,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/02 14:37:50 | 000,076,352 | ---- | M] () -- C:\Documents and Settings\Jace\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/02 12:08:16 | 000,103,793 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\Jason.jpg
[2010/02/01 16:43:18 | 000,294,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/01 02:08:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/01 01:43:11 | 000,000,394 | RHS- | M] () -- C:\boot.ini
[2010/02/01 00:24:40 | 000,000,324 | ---- | M] () -- C:\Boot.bak
[2010/02/01 00:24:38 | 000,000,644 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/31 14:02:31 | 007,798,885 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\fireplace manual.pdf
[2010/01/27 23:31:15 | 004,944,334 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\Marathon.pdf
[2010/01/27 16:24:07 | 000,053,564 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\3 marathon.jpg
[2010/01/27 15:54:13 | 000,042,141 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\houston pace.jpg
[2010/01/23 18:18:14 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Jace\Start Menu\Programs\Startup\Dropbox.lnk
[2010/01/23 18:18:13 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\Dropbox.lnk
[2010/01/20 17:00:00 | 000,044,085 | ---- | M] () -- C:\Documents and Settings\Jace\My Documents\20100120 westin copley form.pdf
[2010/01/20 13:42:41 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\Jace\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 12:53:28 | 000,041,633 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\getimage.jpg
[2010/01/19 10:49:17 | 000,185,915 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\2010 mar start.jpg
[2010/01/19 10:46:46 | 000,136,445 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\9158966_550_art_R0.jpg
[2010/01/19 10:45:54 | 000,077,832 | ---- | M] () -- C:\Documents and Settings\Jace\Desktop\9160202_550_art_R0.jpg
[524 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/14 20:32:49 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\esetsmartinstaller_enu.exe
[2010/02/14 20:18:05 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 19:23:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/14 19:23:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/14 19:23:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/14 19:23:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/14 19:23:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/14 19:21:57 | 003,857,112 | R--- | C] () -- C:\Documents and Settings\Jace\Desktop\ComboFix.exe
[2010/02/14 12:12:07 | 000,603,039 | ---- | C] () -- C:\Documents and Settings\Jace\My Documents\20091001 hjh peanut butter and jelly sandwich.pdf
[2010/02/14 10:34:04 | 000,583,888 | ---- | C] () -- C:\Documents and Settings\Jace\My Documents\20090929 hjh ice cream sundae.pdf
[2010/02/12 00:09:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jace\defogger_reenable
[2010/02/11 22:37:57 | 000,230,994 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\20091130 hjh spelling.jpg
[2010/02/09 14:33:10 | 000,173,982 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\dancer.jpg
[2010/02/08 09:41:39 | 000,001,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/02 12:08:15 | 000,103,793 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\Jason.jpg
[2010/02/01 01:43:10 | 000,000,324 | ---- | C] () -- C:\Boot.bak
[2010/02/01 01:43:02 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/31 14:02:06 | 007,798,885 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\fireplace manual.pdf
[2010/01/27 23:32:54 | 004,944,334 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\Marathon.pdf
[2010/01/27 16:24:07 | 000,053,564 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\3 marathon.jpg
[2010/01/27 15:54:13 | 000,042,141 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\houston pace.jpg
[2010/01/23 18:18:14 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Jace\Start Menu\Programs\Startup\Dropbox.lnk
[2010/01/23 18:18:13 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\Dropbox.lnk
[2010/01/20 17:00:00 | 000,044,085 | ---- | C] () -- C:\Documents and Settings\Jace\My Documents\20100120 westin copley form.pdf
[2010/01/19 12:54:01 | 000,041,633 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\getimage.jpg
[2010/01/19 10:49:17 | 000,185,915 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\2010 mar start.jpg
[2010/01/19 10:46:45 | 000,136,445 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\9158966_550_art_R0.jpg
[2010/01/19 10:45:51 | 000,077,832 | ---- | C] () -- C:\Documents and Settings\Jace\Desktop\9160202_550_art_R0.jpg
[2009/09/11 15:46:15 | 000,000,015 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2009/06/24 09:30:52 | 000,000,131 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2009/05/18 07:57:25 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Retrieve7.INI
[2009/03/29 18:53:03 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/02/26 16:39:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/30 11:44:00 | 000,000,087 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2008/12/22 15:44:27 | 000,038,462 | ---- | C] () -- C:\Documents and Settings\Jace\Application Data\Comma Separated Values (Windows).ADR
[2008/12/18 23:39:49 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2008/12/18 23:39:49 | 000,000,343 | ---- | C] () -- C:\WINDOWS\PlayItTrebleClef.ini
[2008/12/18 23:39:49 | 000,000,304 | ---- | C] () -- C:\WINDOWS\PlayItBassClef.ini
[2008/02/08 16:41:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
[2007/10/03 08:41:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2007/08/10 17:25:26 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/05/28 12:31:40 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2007/04/29 10:32:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/04/24 14:18:07 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini
[2007/04/24 14:18:04 | 000,030,846 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/02/04 16:41:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/29 03:07:43 | 000,000,210 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/12/14 08:31:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/13 12:36:35 | 000,022,986 | ---- | C] () -- C:\Documents and Settings\Jace\Application Data\Microsoft Excel.ADR
[2006/10/25 14:14:55 | 000,000,560 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/10/24 06:46:49 | 000,002,918 | ---- | C] () -- C:\WINDOWS\pviewm.ini
[2006/08/06 16:08:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/05 10:11:18 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/15 16:40:32 | 000,006,249 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2006/05/08 14:44:59 | 000,008,861 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/08 14:44:59 | 000,000,714 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/03/06 09:42:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/02/27 17:06:26 | 000,162,816 | ---- | C] () -- C:\Documents and Settings\Jace\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/09 17:58:45 | 000,007,749 | ---- | C] () -- C:\WINDOWS\mdsemcu.ini
[2006/02/09 17:58:45 | 000,000,710 | ---- | C] () -- C:\WINDOWS\mdselib.ini
[2006/02/07 19:48:02 | 000,016,649 | ---- | C] () -- C:\WINDOWS\mcutools.ini
[2006/02/06 12:54:56 | 000,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2006/02/06 12:54:52 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2006/01/27 16:02:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Jace\Local Settings\Application Data\fusioncache.dat
[2006/01/27 14:30:40 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/01/27 13:01:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2005/12/02 12:12:56 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2005/12/01 22:20:38 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/12/01 22:20:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/12/01 22:20:38 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/12/01 22:20:38 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/29 18:35:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/29 18:35:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/29 18:35:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/29 18:35:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/29 18:35:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/29 18:35:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/29 18:23:18 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/29 18:13:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/11 16:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 15:47:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/04 22:25:51 | 000,000,300 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/04 21:54:58 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/04 21:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/04 21:38:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/11/04 21:18:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/04 20:38:04 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/04 19:20:12 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/07 11:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2005/09/07 11:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
[2005/08/24 17:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/07 22:11:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/03 04:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/09/26 06:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/03 14:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/29 02:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[2001/03/28 10:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\hppcap.ini

========== LOP Check ==========

[2008/04/30 11:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chameleon Power Inc
[2009/03/29 19:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2006/03/03 11:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.1 Setup
[2008/07/27 07:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/03/29 20:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2007/09/19 16:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/05/29 15:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/12/12 20:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2007/05/31 16:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/05/30 10:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2007/04/24 14:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/12/16 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoneFiveSoftware
[2009/03/12 08:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/15 10:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 07:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/11/04 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2009/07/25 11:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Jayne\Application Data\ATTTOOLBAR
[2005/11/04 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Jayne\Application Data\toshiba
[2007/05/28 15:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah Jayne\Application Data\Zeon
[2008/01/05 08:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Amazon
[2009/11/01 14:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Audacity
[2007/08/03 15:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Autodesk
[2007/09/12 16:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\BitTorrent
[2009/07/09 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Blackberry Desktop
[2009/07/15 13:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Call Graph
[2009/01/26 10:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Canon
[2008/04/30 11:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Chameleon Power Inc
[2007/11/01 10:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\ContentGuard
[2010/02/14 23:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Dropbox
[2008/12/22 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Facebook
[2008/07/27 07:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\GARMIN
[2007/01/28 10:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\InterVideo
[2006/01/27 16:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\IsolatedStorage
[2007/12/26 20:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\LinkedIn
[2009/02/01 15:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Mp3tag
[2009/07/15 13:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\NCH Swift Sound
[2010/01/19 14:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\NewspaperDirect
[2007/05/09 11:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\PanoramaStudio
[2008/02/08 16:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Research In Motion
[2007/04/24 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\ScanSoft
[2005/11/04 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\toshiba
[2007/04/24 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Zeon
[2008/03/22 11:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\ScanSoft
[2005/11/04 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\toshiba
[2007/11/26 08:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Zeon
[2005/11/04 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp\Application Data\toshiba

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/23 18:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/07 15:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/10/07 15:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2010/01/22 08:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/07/27 13:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/04/30 11:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chameleon Power Inc
[2009/03/29 19:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2006/03/03 11:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.1 Setup
[2008/07/27 07:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/01/26 09:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/14 09:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2007/05/14 10:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2007/04/24 14:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/01/27 13:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2007/03/10 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/03/29 20:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/03/29 19:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/10/27 09:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/03/22 15:39:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/10/15 09:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/12/12 19:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/09/19 16:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/05/29 15:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/11/04 22:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/01/27 16:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/12/12 20:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2008/02/08 16:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2007/05/31 16:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/15 11:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/02/08 16:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/02/14 20:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2006/01/27 16:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/05/10 10:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/05/30 10:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2007/04/24 14:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2009/12/16 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoneFiveSoftware
[2009/03/12 08:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/15 10:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 07:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 14:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2010/02/04 09:49:43 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
[2009/09/23 11:40:23 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe
[2009/11/12 10:17:04 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
[2009/03/29 19:03:14 | 001,848,712 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company\AiO Home Center Product Updater\1.1.0.0\setup.exe
[2007/05/14 13:14:33 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
[2008/07/17 11:29:02 | 002,278,792 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_320002_214d2b9e\Setup.exe
[2009/03/29 19:02:54 | 000,217,088 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ProductUpdate\setup.exe

< %APPDATA%\*. >
[2008/02/02 10:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Adobe
[2008/05/19 12:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\AdobeUM
[2008/01/05 08:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Amazon
[2007/02/04 16:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\AOL
[2010/01/22 08:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Apple Computer
[2006/02/06 12:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\ArcSoft
[2009/11/01 14:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Audacity
[2007/08/03 15:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Autodesk
[2007/09/12 16:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\BitTorrent
[2009/07/09 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Blackberry Desktop
[2009/07/15 13:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Call Graph
[2009/01/26 10:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Canon
[2008/04/30 11:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Chameleon Power Inc
[2007/11/01 10:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\ContentGuard
[2007/01/29 14:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\DivX
[2010/02/14 23:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Dropbox
[2008/12/22 16:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Facebook
[2008/07/27 07:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\GARMIN
[2006/09/20 13:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Google
[2006/01/27 23:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Help
[2007/05/14 10:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\HP
[2005/11/04 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Identities
[2006/01/27 13:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Intel
[2007/01/28 10:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\InterVideo
[2005/11/04 22:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Intuit
[2006/01/27 16:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\IsolatedStorage
[2007/12/26 20:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\LinkedIn
[2007/07/05 15:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Macromedia
[2009/10/27 09:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Malwarebytes
[2007/08/10 17:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\MathWorks
[2008/01/02 14:54:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jace\Application Data\Microsoft
[2008/12/15 09:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Motive
[2008/09/10 21:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Move Networks
[2009/01/21 20:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Mozilla
[2009/02/01 15:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Mp3tag
[2009/07/15 13:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\NCH Swift Sound
[2010/01/19 14:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\NewspaperDirect
[2007/05/09 11:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\PanoramaStudio
[2006/11/27 09:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Real
[2008/02/08 16:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Research In Motion
[2009/05/05 10:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Roxio
[2007/04/24 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\ScanSoft
[2009/11/01 03:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Skype
[2009/09/28 15:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\skypePM
[2006/09/21 15:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Sonic
[2006/01/29 17:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Sun
[2005/11/04 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\toshiba
[2007/04/26 14:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\vlc
[2005/11/04 22:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\You've Got Pictures Screensaver
[2007/04/24 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jace\Application Data\Zeon

< %APPDATA%\*.exe /s >
[2007/01/18 16:05:02 | 021,277,080 | ---- | M] ( ) -- C:\Documents and Settings\Jace\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2008/05/06 16:51:01 | 019,900,192 | ---- | M] ( ) -- C:\Documents and Settings\Jace\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
[2009/12/30 18:48:44 | 021,968,784 | ---- | M] () -- C:\Documents and Settings\Jace\Application Data\Dropbox\bin\Dropbox.exe
[2010/01/23 18:16:59 | 000,089,854 | ---- | M] () -- C:\Documents and Settings\Jace\Application Data\Dropbox\bin\Uninstall.exe
[2007/10/28 23:23:14 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Jace\Application Data\Facebook\facebook.exe
[2007/08/27 07:33:52 | 000,006,766 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{4613D63D-52C3-4BC5-BB65-622A801997E2}\_18be6784.exe
[2005/11/29 18:24:55 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
[2009/03/29 19:07:49 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\ARPPRODUCTICON.exe
[2009/03/29 19:07:50 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut1_843081BD351F46FC8A17517A0D9117A3.exe
[2009/03/29 19:07:50 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut2_843081BD351F46FC8A17517A0D9117A3.exe
[2009/03/29 19:07:50 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut3_843081BD351F46FC8A17517A0D9117A3.exe
[2009/03/29 19:07:50 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut5_843081BD351F46FC8A17517A0D9117A3.exe
[2008/02/08 16:22:13 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\DesktopMgr.exe
[2008/02/08 16:22:13 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/02/08 16:22:13 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/02/08 16:22:13 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/02/08 16:22:13 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/02/08 16:22:14 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/02/08 16:22:13 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/02/08 16:22:13 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/02/08 16:22:13 | 000,006,502 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2008/02/08 16:22:14 | 000,006,502 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2008/02/08 16:22:13 | 000,006,502 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2009/03/29 19:08:03 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}\ARPPRODUCTICON.exe
[2009/03/29 19:08:05 | 000,092,854 | R--- | M] () -- C:\Documents and Settings\Jace\Application Data\Microsoft\Installer\{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}\NewShortcut10_DC626A21EDF140C78F2FD2BA7535529F.exe

< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 18:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll
[524 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

===============

OTL Extras logfile created on: 2/15/2010 12:00:56 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Jace\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 248.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 49.76 Gb Free Space | 44.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TUNGSTEN
Current User Name: Jace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox A\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox A\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo! Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\eclipse3p3\eclipse\eclipse.exe" = C:\eclipse3p3\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Documents and Settings\Jace\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Jace\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook -- ()
"C:\cygwin\bin\XWin.exe" = C:\cygwin\bin\XWin.exe:*:Enabled:XWin -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Jace\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Jace\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Disabled:MediaManager9 Module -- (Sonic Solutions)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1501211371-2371496142-710079751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/6/2009 12:14:22 PM | Computer Name = TUNGSTEN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.com/complete/search...;q=lig&cp=3 failed, 0000A413.


[ Application Events ]
Error - 2/12/2010 9:10:06 AM | Computer Name = TUNGSTEN | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 9:25:06 AM | Computer Name = TUNGSTEN | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 10:10:06 AM | Computer Name = TUNGSTEN | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 10:25:06 AM | Computer Name = TUNGSTEN | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 11:00:32 AM | Computer Name = TUNGSTEN | Source = Norton Ghost 9.0 | ID = 100
Description = Description: An error occurred during a scheduled backup of drive
C:\. Error EA390712: Open failed. Error E7D1001D: Unable to open 'E:/C_Drive003.v2i'.
Error 00000003: The system cannot find the path specified. Details: 0xEA390712 Source:
Norton Ghost 9.0

Error - 2/12/2010 11:10:06 AM | Computer Name = TUNGSTEN | Source = Google Update | ID = 20
Description =

Error - 2/12/2010 2:53:50 PM | Computer Name = TUNGSTEN | Source = RIMDeviceFileAccess | ID = 268379920
Description =

Error - 2/12/2010 3:09:41 PM | Computer Name = TUNGSTEN | Source = RIMDeviceFileAccess | ID = 268379920
Description =

Error - 2/12/2010 3:16:25 PM | Computer Name = TUNGSTEN | Source = RIMDeviceFileAccess | ID = 268379920
Description =

Error - 2/12/2010 3:56:15 PM | Computer Name = TUNGSTEN | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.2.2.14, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/14/2010 10:01:06 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/14/2010 10:01:06 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/14/2010 10:01:06 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/14/2010 10:01:06 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/14/2010 10:01:06 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/14/2010 10:01:06 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/14/2010 10:01:06 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/14/2010 10:04:23 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7000
Description = The P&E BDM Cable Driver I service failed to start due to the following
error: %%2

Error - 2/14/2010 10:04:24 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7000
Description = The P&E BDM Cable Driver II service failed to start due to the following
error: %%2

Error - 2/14/2010 10:04:24 PM | Computer Name = TUNGSTEN | Source = Service Control Manager | ID = 7000
Description = The P&E Microcomputer System PCI Driver. service failed to start due
to the following error: %%2


< End of report >


Thanks again!!

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:26 PM

Posted 15 February 2010 - 10:35 AM

You're welcome.

Congratulations! You now appear clean!

**********

Please pay particularly close attention to the instructions that follow. Neglecting these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.

**********
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Commands
    [CLEARALLRESTOREPOINTS]
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.


**********
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Commands
    [CREATERESTOREPOINT]
    [Reboot]
  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.


**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then Click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

**********

Recommendations


Below are some recommendations to lower your chances of (re)infection.

  1. Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use; the paid versions provide a resident scanner and do not nag.

  2. Prevention article: To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

  3. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.


    Windows XP


    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  4. Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.

  5. Consider Firefox as your primary browser. It's safer, fast and secure!

  6. Install WOT. Never inadvertently surf to a dangerous website again.

  7. Consider running your browser Sandboxed with Sandboxie. You decide what actually gets into your OS!!

  8. Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

  9. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

**********

System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

**********

Good luck & safe surfing,
Kind Regards,
~ t


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
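The `[resethosts]` step in the fix above overwrites the Windows hosts file, which is one of the places a search-redirect infection pins names like google.com to an attacker's address or blocks security vendors' update sites. The script below is an added example (not part of this thread and not OTL's code) showing how to audit a hosts file for that kind of entry before and after such a reset. The sample hosts text, the 1.2.3.4 address, the watchlist of names and the stock Windows path are all assumptions made for the example.

```python
"""
Audit a Windows hosts file for entries that redirect or block name resolution
the way a browser-redirect infection commonly does.

Added example, not part of the forum thread or of OTL. The sample hosts text,
the address 1.2.3.4 and the watchlist below are constructed for this example.
"""
import ipaddress
from typing import List, Tuple

# Default location of the hosts file on a stock Windows install (assumption).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Names an infection typically pins: search engines it wants to hijack and
# security vendors or update sites it wants to block. Assumed list; extend it.
WATCHLIST = {
    "google.com", "www.google.com",
    "bing.com", "www.bing.com",
    "malwarebytes.org", "www.malwarebytes.org",
    "update.microsoft.com", "windowsupdate.microsoft.com",
}

# Constructed sample: the first lines are the stock defaults; the last two are
# the kind of additions a redirect hijack leaves behind (hypothetical values).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org
1.2.3.4         www.google.com       # hypothetical hijack target
"""

Finding = Tuple[int, str, str, str]  # (line number, hostname, address, reason)


def parse_hosts(text: str):
    """Return (lineno, address, hostname) for every mapping, skipping comments
    and malformed lines the same way the resolver does."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()                  # spaces or tabs both work
        if len(fields) < 2:
            continue                           # address with no hostnames
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not an address; resolver ignores it
        for name in fields[1:]:
            entries.append((lineno, addr, name.lower().rstrip(".")))
    return entries


def audit_hosts(text: str) -> List[Finding]:
    """Flag entries that look like a hijack: any watchlisted name pinned at all
    (even to loopback, which blocks updates), and any name mapped to a
    non-loopback address (which silently overrides DNS)."""
    findings: List[Finding] = []
    for lineno, addr, name in parse_hosts(text):
        if name == "localhost":
            continue  # the only mapping a stock Windows hosts file carries
        reasons = []
        if name in WATCHLIST:
            reasons.append("watchlisted name pinned in hosts")
        if not addr.is_loopback:
            reasons.append("non-loopback address overrides DNS")
        if reasons:
            findings.append((lineno, name, str(addr), "; ".join(reasons)))
    return findings


def is_clean(text: str) -> bool:
    """True when the hosts text carries nothing beyond localhost mappings."""
    return not audit_hosts(text)


def audit_file(path: str = WINDOWS_HOSTS_PATH) -> List[Finding]:
    """Audit a hosts file on disk (run as an administrator to read it on Windows)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for lineno, name, addr, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}: {reason}")
```

Run it against the real file with `audit_file()` after the `[resethosts]` step; an empty result means the file is back to the stock localhost-only content. A loopback mapping for a vendor site is reported on purpose: it does not redirect the browser, but it is how an infection keeps the scanner from updating.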

#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:26 PM

Posted 16 February 2010 - 08:37 PM

Since this topic appears to be resolved, I will now close it.
If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.
