Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet getting sluggish


  • Please log in to reply
23 replies to this topic

#1 enriquespappa

enriquespappa

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 12 March 2011 - 03:02 PM

This is my first time posting here so please be patient as I try to get you the information needed. Below is my HijackThis Log. I had to run it in safe mode because something was preventing me from saving a new txt file log in normal mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:09 PM, on 3/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\unsecapp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110204140809.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOLToolBand Class - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1214867651\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262568921328
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Atomic Time Synchronizer (AtSync) - Unknown owner - C:\Program Files\AtSync\ats.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8523 bytes

I have Mcafee Virusscan and it detected and removed 3 trojans last night.

I went to remove a program and noticed that I had a program listed as aaa. I searched and found the link (http://www.bleepingcomputer.com/forums/topic376141.html) describing the removal of this issue. I followed the steps listed and here are my logs and results:

RKill did not find anything

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/12/2011 at 06:22 PM

Application Version : 4.49.1000

Core Rules Database Version : 6584
Trace Rules Database Version: 4396

Scan type : Complete Scan
Total Scan Time : 01:46:43

Memory items scanned : 396
Memory threats detected : 0
Registry items scanned : 10057
Registry threats detected : 0
File items scanned : 140935
File threats detected : 149

Adware.Tracking Cookie
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@msnbc.112.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@track.freegiftcenter[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@content.yieldmanager[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@adlegend[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@harrenmedianetwork[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@rotator.hadj7.adjuggler[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@advertstream[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@sportingnews.122.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@in.getclicky[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@sales.liveperson[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@find.mapmuse[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@allconnect.112.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@networldmedia[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@adxpose[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@at.atwola[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ad.us-ec.adtechus[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@www.ebtaccount.jpmorgan[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@walmart.112.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@legolas-media[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ad.zanox[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@crackle[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@cofidis2.solution.weborama[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@rotator.adjuggler[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@adserver.adtechus[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@adecn[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[4].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@media.adsvelocity[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@mediabrandsww[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@lucidmedia[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@dc.tremormedia[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@media6degrees[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@yieldmanager[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@content.yieldmanager[5].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@adserver.adreactor[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@myroitracking[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@xm.xtendmedia[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@collective-media[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@onetoone.112.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@eyewonder[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ad.yieldmanager[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.ad4game[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@dmtracker[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@hpi.rotator.hadj7.adjuggler[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@weborama[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@clicksor[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@user.lucidmedia[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@media.adfrontiers[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@tacoda.at.atwola[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.adk2[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@eharmony.112.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@warnerbros.112.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@mediaforge[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ziggymedia.go2cloud[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.vureel[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.bleepingcomputer[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@beachstreetmedia[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@cdn.at.atwola[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.react2media[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@dtag.112.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@interclick[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@trackit.sitescout[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@trvlnet.adbureau[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@wegmansfoods.112.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.undertone[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@specificmedia[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@traveladvertising[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[6].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@msnportal.112.2o7[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@server.cpmstar[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@chitika[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@supremeadserver[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@interchangecorporation.122.2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@a1.interclick[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@click2go[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@www.pixeltrack66[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[5].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@rotator.hadj7.adjuggler[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@www.googleadservices[2].txt
90degreemedia.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
cdn.media.abc.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
i.adultswim.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
ia.media-imdb.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
kona.kontera.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media.foxcharlotte.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media.kyte.tv [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media.movieweb.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media.mtvnservices.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media.nbclosangeles.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media.oprah.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media.scanscout.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media.wfrv.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media1.break.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
media10.washingtonpost.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
msnbcmedia.msn.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
objects.tremormedia.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
s0.2mdn.net [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
secure-us.imrworldwide.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
static.discoverymedia.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8KYYEE8V ]
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@2o7[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@a1.interclick[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@ad.yieldmanager[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@at.atwola[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@atwola[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@atwola[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@cdn.at.atwola[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@collective-media[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@content.yieldmanager[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@content.yieldmanager[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@edgeadx[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@interclick[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@lucidmedia[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@media.adfrontiers[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@media6degrees[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@rotator.adjuggler[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@tacoda.at.atwola[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@user.lucidmedia[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@yieldmanager[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@2o7[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@a1.interclick[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@a1.interclick[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@a1.interclick[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ad.yieldmanager[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adecn[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adserver.adtechus[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@adserver.adtechus[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@ar.atwola[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@at.atwola[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@collective-media[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@content.yieldmanager[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@content.yieldmanager[3].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@dmtracker[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@interclick[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@interclick[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@interclick[4].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@invitemedia[2].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@media6degrees[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@mediabrandsww[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@user.lucidmedia[1].txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\Low\david@walmart.112.2o7[1].txt

Trojan.Agent/Gen-IEFake
C:\USERS\DAVID\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
C:\USERS\DAVID\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\DAVID\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\DAVID\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6039

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/12/2011 7:18:00 PM
mbam-log-2011-03-12 (19-18-00).txt

Scan type: Quick scan
Objects scanned: 155244
Time elapsed: 13 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please let me know if there is anything else I can do.

EDIT: Posts merged ~BP

Edited by Budapest, 12 March 2011 - 10:08 PM.
Moved from Vista to Malware Removal Logs.


BC AdBot (Login to Remove)

 


#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:58 PM

Posted 16 March 2011 - 06:51 PM

Hi,

Welcome to Bleeping Computer

Hijackthis is a bit outdated and we are using newer programs to scan your system, lets do this.


Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 enriquespappa

enriquespappa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 17 March 2011 - 05:29 PM

Hi,

Welcome to Bleeping Computer

Hijackthis is a bit outdated and we are using newer programs to scan your system, lets do this.


Please download ATF Cleaner by Atribune to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


The first link for dds is dds.scr so I downloaded dds from the second link. My McAffee Virus Scanner gave me two warnings; the first one was that there was supposedly an Artemis E789EA23B492 Trojan and the second was that there was Artemis E789EA23B49C Trojan, both accociated with the dds.com file. Any advice?

#4 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:58 PM

Posted 17 March 2011 - 05:56 PM

DDS is virus free, go ahead and run it

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#5 enriquespappa

enriquespappa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 17 March 2011 - 09:21 PM

DDS is virus free, go ahead and run it


Ok here is the log file from DDS

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by David at 21:57:51.45 on Thu 03/17/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.513 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\David\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110204140809.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOLToolBand Class: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
mRun: [SmoothView] "c:\program files\toshiba\smoothview\SmoothView.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] "c:\program files\synaptics\syntp\SynTPStart.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HostManager] c:\program files\common files\aol\1214867651\ee\AOLSoftware.exe
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262568921328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-7-4 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-2-4 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-4 164840]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-4 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-4 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-4 141792]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-11-6 7168]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-4 313288]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S2 AtSync;Atomic Time Synchronizer;c:\program files\atsync\ats.exe --> c:\program files\atsync\ats.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-29 21504]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-8-24 312152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-4 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-4 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-4 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-4 171168]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-4 55840]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-7-4 152960]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-7-4 52104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-4 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-4 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-4 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-16 23:20:28 -------- d-----w- c:\users\david\appdata\local\Threat Expert
2011-03-16 12:27:53 767952 ----a-w- c:\windows\BDTSupport.dll0310.old
2011-03-16 12:27:52 1652688 ----a-w- c:\windows\PCTBDCore.dll0310.old
2011-03-16 12:27:52 149456 ----a-w- c:\windows\SGDetectionTool.dll0310.old
2011-03-13 00:01:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-13 00:00:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 00:00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-12 21:29:09 -------- d-----w- c:\users\david\appdata\roaming\SUPERAntiSpyware.com
2011-03-12 21:28:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-12 19:49:57 -------- d-----w- c:\users\david\appdata\roaming\PCFix
2011-03-09 11:16:06 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 11:16:06 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 11:16:06 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 11:16:06 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 11:15:57 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 11:15:57 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-02 11:36:19 -------- d-----w- c:\users\david\appdata\local\Windows Live
2011-03-02 11:34:50 754688 ----a-w- c:\windows\system32\webservices.dll
.
==================== Find3M ====================
.
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 22:00:12.46 ===============

Attached Files



#6 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:58 PM

Posted 18 March 2011 - 04:31 AM

Good Morning,

I am looking at a lot of toolbars and most are not needed
IObitCom Toolbar <--This alters your browser setting somewhat and is not recommended, you can uninstall it via Programs and Features in the Control Panel

Viewpoint Media Player <--This installs also without your knowledge and is really not used for anything, I believe it installed when you installed AOL software. This program runs as a service so its using system resources, this too can be removed via Programs and Features


I am not looking at a whole lot wrong, a few things that we do need to remove , so lets do this, lets check for a rootkit first and then run another program that will look a bit deeper into your system



Please download Rooter Rootkit Detector to your Desktop
  • Doubleclick it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive% (usually C:\Rooter.txt.
  • Post the report for me to see.





OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#7 enriquespappa

enriquespappa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 18 March 2011 - 05:22 PM

Rooter.txt

Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.19019
.
C:\ [Fixed-NTFS] .. ( Total:100 Go - Free:52 Go )
D:\ [CD_Rom]
E:\ [Fixed-NTFS] .. ( Total:9 Go - Free:1 Go )
.
Scan : 07:22.58
Path : C:\Users\David\Desktop\Rooter.exe
User : David ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (536)
Locked csrss.exe (668)
Locked wininit.exe (712)
Locked csrss.exe (724)
Locked services.exe (756)
Locked lsass.exe (772)
Locked lsm.exe (780)
Locked winlogon.exe (852)
Locked svchost.exe (964)
Locked PresentationFontCache.exe (1012)
Locked svchost.exe (1060)
Locked svchost.exe (1184)
Locked svchost.exe (1244)
Locked svchost.exe (1256)
Locked audiodg.exe (1332)
Locked svchost.exe (1360)
Locked SLsvc.exe (1376)
Locked svchost.exe (1408)
Locked svchost.exe (1540)
Locked spoolsv.exe (1912)
Locked svchost.exe (1936)
______ C:\Windows\system32\Dwm.exe (2044)
______ C:\Windows\Explorer.EXE (376)
______ C:\Windows\system32\taskeng.exe (464)
______ C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (1528)
______ C:\Program Files\Toshiba\SmoothView\SmoothView.exe (1740)
______ C:\Windows\RtHDVCpl.exe (1636)
______ C:\Program Files\Synaptics\SynTP\SynTPStart.exe (2012)
______ C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (1944)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (284)
______ C:\Program Files\Common Files\aol\1214867651\ee\aolsoftware.exe (828)
______ C:\Program Files\IObit\IObit Security 360\is360tray.exe (1956)
Locked agrsmsvc.exe (1196)
Locked AOLacsd.exe (1632)
______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (2060)
Locked svchost.exe (2100)
Locked CFSvcs.exe (2124)
______ C:\Program Files\McAfee.com\Agent\mcagent.exe (2152)
______ C:\Program Files\Windows Sidebar\sidebar.exe (2160)
______ C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (2168)
______ C:\Windows\ehome\ehtray.exe (2184)
______ C:\Program Files\Microsoft Works\WkCalRem.exe (2236)
Locked svchost.exe (2448)
Locked is360srv.exe (2464)
Locked McSvHost.exe (2628)
Locked mfevtps.exe (2684)
Locked svchost.exe (2700)
Locked pinger.exe (2732)
Locked svchost.exe (2760)
Locked svchost.exe (2792)
Locked rundll32.exe (2836)
Locked svchost.exe (2844)
Locked TNaviSrv.exe (2920)
Locked TODDSrv.exe (2988)
Locked TosCoSrv.exe (3012)
______ C:\Windows\ehome\ehmsas.exe (3020)
Locked TosBtSrv.exe (3076)
Locked ULCDRSvr.exe (3120)
Locked svchost.exe (3144)
Locked WLIDSVC.EXE (3172)
Locked SearchIndexer.exe (3204)
Locked WLIDSVCM.EXE (3252)
Locked mcshield.exe (3312)
Locked mfefire.exe (3388)
______ C:\Program Files\Synaptics\SynTP\SynToshiba.exe (4048)
______ C:\Program Files\AOL 9.1\waol.exe (4060)
Locked taskeng.exe (1180)
______ C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (3564)
Locked SynTPHelper.exe (4120)
______ C:\Program Files\AOL 9.1\shellmon.exe (5248)
Locked is360.exe (5332)
Locked svchost.exe (5576)
______ C:\Windows\system32\wbem\unsecapp.exe (4388)
Locked WmiPrvSE.exe (4744)
Locked taskeng.exe (3128)
Locked sdclt.exe (6064)
Locked svchost.exe (2252)
Locked mcupdmgr.exe (6092)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (960)
Locked SearchProtocolHost.exe (6192)
Locked SearchFilterHost.exe (6548)
______ C:\Users\David\Desktop\Rooter.exe (1028)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:1572864000)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:1573912576 | Length:107970822144)
\Device\Harddisk0\Partition3 (Start_Offset:109544734720 | Length:10487857152)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\AWC Update.job
C:\Windows\Tasks\DriverCure.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\SmartDefrag.job
C:\Windows\Tasks\User_Feed_Synchronization-{24ADB6E4-755F-4C3E-8855-17A33B0BA8F9}.job
C:\Windows\Tasks\User_Feed_Synchronization-{8FD58CFE-8ABE-4FBB-AEE8-26A411B93682}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 07:23.38
.
C:\Rooter$\Rooter_1.txt - (18/03/2011 | 07:23.38)

OTL.txt

OTL logfile created on: 3/18/2011 7:25:50 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 240.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.56 Gb Total Space | 52.92 Gb Free Space | 52.62% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 1.03 Gb Free Space | 10.51% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/18 07:25:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2011/03/18 06:59:12 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/01/17 17:15:32 | 001,155,768 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/11/22 19:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/08/20 14:08:28 | 003,467,096 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/01/07 14:07:38 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1214867651\ee\aolsoftware.exe
PRC - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 19:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/21 00:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/06/20 02:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007/06/19 19:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/06/16 01:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/05/18 07:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/04/25 15:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 14:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/18 07:25:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/04/01 10:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AtSync)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/20 19:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/01/07 14:07:38 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/05 14:12:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Disabled | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/19 14:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/16 17:51:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/01 13:32:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/17 10:00:25 | 000,416,688 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14384 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110204140809.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AOLToolBand Class) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1214867651\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262568921328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6a03a7d3-12f1-11de-8704-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{6a03a7d6-12f1-11de-8704-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6a03a7d6-12f1-11de-8704-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe /AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/18 07:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2011/03/18 07:24:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/03/18 07:23:38 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/03/18 07:22:41 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\David\Desktop\Rooter.exe
[2011/03/18 06:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/17 22:06:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\AOL
[2011/03/16 19:20:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Threat Expert
[2011/03/16 08:27:52 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0310.old
[2011/03/16 08:27:52 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0310.old
[2011/03/12 20:01:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/12 20:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/12 20:00:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/12 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/12 17:29:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/12 17:29:00 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/12 17:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/12 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\PCFix
[2011/03/09 07:16:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 07:16:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 07:16:06 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 07:16:06 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/02 07:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/03/02 07:36:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Windows Live
[2011/03/02 07:34:50 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/18 07:35:04 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8FD58CFE-8ABE-4FBB-AEE8-26A411B93682}.job
[2011/03/18 07:35:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{24ADB6E4-755F-4C3E-8855-17A33B0BA8F9}.job
[2011/03/18 07:25:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/03/18 07:22:49 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\David\Desktop\Rooter.exe
[2011/03/18 06:37:45 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 06:37:43 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 06:37:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/17 18:05:42 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/03/16 08:47:25 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/16 08:47:25 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/16 08:36:53 | 002,303,128 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/03/15 23:05:34 | 000,030,710 | ---- | M] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2011/03/15 23:05:34 | 000,016,384 | ---- | M] () -- C:\Users\David\Desktop\Pay Calculator.xlr
[2011/03/15 22:19:27 | 000,001,356 | ---- | M] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2011/03/11 21:21:58 | 000,017,408 | ---- | M] () -- C:\Users\David\Desktop\Trip Log.xlr
[2011/03/02 10:15:16 | 002,349,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/16 08:33:58 | 002,303,128 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/03/16 08:27:53 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0310.old
[2011/03/14 13:28:39 | 000,016,384 | ---- | C] () -- C:\Users\David\Desktop\Pay Calculator.xlr
[2011/02/12 11:14:26 | 000,339,155 | ---- | C] () -- C:\Users\David\AppData\Local\census.cache
[2011/02/12 11:13:48 | 000,202,255 | ---- | C] () -- C:\Users\David\AppData\Local\ars.cache
[2010/09/08 13:31:14 | 000,001,096 | ---- | C] () -- C:\Windows\BZII.INI
[2010/08/17 12:16:30 | 000,000,036 | ---- | C] () -- C:\Users\David\AppData\Local\housecall.guid.cache
[2010/07/15 11:47:20 | 000,002,994 | ---- | C] () -- C:\Users\David\AppData\Roaming\SAS7_000.DAT
[2010/05/16 08:44:53 | 000,000,087 | ---- | C] () -- C:\Users\David\AppData\Local\config.ini
[2010/05/02 21:40:25 | 000,168,867 | ---- | C] () -- C:\Users\David\AppData\Local\debuggee.mdmp
[2010/02/24 13:06:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\44C3B32B6C.sys
[2010/02/24 13:06:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/02/16 17:50:50 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/08 13:07:27 | 000,077,351 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 09:45:27 | 000,000,181 | ---- | C] () -- C:\Windows\wininit.ini
[2009/06/29 16:06:41 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/06/02 13:15:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/02 13:15:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/25 11:31:43 | 000,116,839 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/09/30 20:49:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/13 06:22:04 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/08/07 13:52:54 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/08/02 13:26:52 | 000,157,482 | ---- | C] () -- C:\Windows\hphins26.dat
[2008/08/02 13:26:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2008/07/02 23:22:41 | 000,030,710 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/07/02 23:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/07/02 12:15:23 | 000,000,193 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/07/01 15:20:05 | 000,029,184 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/01 10:53:15 | 000,001,356 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2008/06/30 19:11:54 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/26 14:19:29 | 000,000,090 | ---- | C] () -- C:\Windows\ka.ini
[2008/03/30 20:30:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/03/30 20:30:26 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/03/30 20:30:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/03/30 20:30:26 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/03/30 20:30:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/03/30 20:30:26 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/03/30 20:30:26 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/03/30 20:30:26 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/03/30 20:30:26 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/03/30 20:30:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/03/30 20:30:26 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/03/30 20:30:26 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/03/30 20:30:26 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/03/30 20:30:26 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/03/30 20:30:26 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/03/30 20:30:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/03/30 20:29:16 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2008/03/30 18:19:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2007/11/06 19:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 19:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 19:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 19:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 19:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 19:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 19:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 18:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 18:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 18:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 18:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 19:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 19:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 19:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 19:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 17:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,349,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 14:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:61A065F2
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#8 enriquespappa

enriquespappa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 18 March 2011 - 05:28 PM

OTL.txt

OTL logfile created on: 3/18/2011 7:25:50 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 240.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.56 Gb Total Space | 52.92 Gb Free Space | 52.62% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 1.03 Gb Free Space | 10.51% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/18 07:25:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2011/03/18 06:59:12 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/01/17 17:15:32 | 001,155,768 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/11/22 19:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/08/20 14:08:28 | 003,467,096 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/01/07 14:07:38 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1214867651\ee\aolsoftware.exe
PRC - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 19:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/21 00:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/06/20 02:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007/06/19 19:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/06/16 01:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/05/18 07:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/04/25 15:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 14:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/18 07:25:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/04/01 10:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AtSync)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/20 19:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/01/07 14:07:38 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/05 14:12:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | Disabled | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/19 14:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/16 17:51:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/01 13:32:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/17 10:00:25 | 000,416,688 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14384 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110204140809.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AOLToolBand Class) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1214867651\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262568921328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6a03a7d3-12f1-11de-8704-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{6a03a7d6-12f1-11de-8704-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6a03a7d6-12f1-11de-8704-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe /AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/18 07:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2011/03/18 07:24:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/03/18 07:23:38 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/03/18 07:22:41 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\David\Desktop\Rooter.exe
[2011/03/18 06:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/17 22:06:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\AOL
[2011/03/16 19:20:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Threat Expert
[2011/03/16 08:27:52 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0310.old
[2011/03/16 08:27:52 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0310.old
[2011/03/12 20:01:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/12 20:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/12 20:00:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/12 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/12 17:29:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/12 17:29:00 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/12 17:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/12 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\PCFix
[2011/03/09 07:16:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 07:16:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 07:16:06 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 07:16:06 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/02 07:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/03/02 07:36:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Windows Live
[2011/03/02 07:34:50 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/18 07:35:04 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8FD58CFE-8ABE-4FBB-AEE8-26A411B93682}.job
[2011/03/18 07:35:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{24ADB6E4-755F-4C3E-8855-17A33B0BA8F9}.job
[2011/03/18 07:25:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/03/18 07:22:49 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\David\Desktop\Rooter.exe
[2011/03/18 06:37:45 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 06:37:43 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 06:37:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/17 18:05:42 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/03/16 08:47:25 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/16 08:47:25 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/16 08:36:53 | 002,303,128 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/03/15 23:05:34 | 000,030,710 | ---- | M] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2011/03/15 23:05:34 | 000,016,384 | ---- | M] () -- C:\Users\David\Desktop\Pay Calculator.xlr
[2011/03/15 22:19:27 | 000,001,356 | ---- | M] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2011/03/11 21:21:58 | 000,017,408 | ---- | M] () -- C:\Users\David\Desktop\Trip Log.xlr
[2011/03/02 10:15:16 | 002,349,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/16 08:33:58 | 002,303,128 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/03/16 08:27:53 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0310.old
[2011/03/14 13:28:39 | 000,016,384 | ---- | C] () -- C:\Users\David\Desktop\Pay Calculator.xlr
[2011/02/12 11:14:26 | 000,339,155 | ---- | C] () -- C:\Users\David\AppData\Local\census.cache
[2011/02/12 11:13:48 | 000,202,255 | ---- | C] () -- C:\Users\David\AppData\Local\ars.cache
[2010/09/08 13:31:14 | 000,001,096 | ---- | C] () -- C:\Windows\BZII.INI
[2010/08/17 12:16:30 | 000,000,036 | ---- | C] () -- C:\Users\David\AppData\Local\housecall.guid.cache
[2010/07/15 11:47:20 | 000,002,994 | ---- | C] () -- C:\Users\David\AppData\Roaming\SAS7_000.DAT
[2010/05/16 08:44:53 | 000,000,087 | ---- | C] () -- C:\Users\David\AppData\Local\config.ini
[2010/05/02 21:40:25 | 000,168,867 | ---- | C] () -- C:\Users\David\AppData\Local\debuggee.mdmp
[2010/02/24 13:06:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\44C3B32B6C.sys
[2010/02/24 13:06:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/02/16 17:50:50 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/08 13:07:27 | 000,077,351 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 09:45:27 | 000,000,181 | ---- | C] () -- C:\Windows\wininit.ini
[2009/06/29 16:06:41 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/06/02 13:15:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/02 13:15:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/25 11:31:43 | 000,116,839 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/09/30 20:49:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/13 06:22:04 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/08/07 13:52:54 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/08/02 13:26:52 | 000,157,482 | ---- | C] () -- C:\Windows\hphins26.dat
[2008/08/02 13:26:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2008/07/02 23:22:41 | 000,030,710 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/07/02 23:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/07/02 12:15:23 | 000,000,193 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/07/01 15:20:05 | 000,029,184 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/01 10:53:15 | 000,001,356 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2008/06/30 19:11:54 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/26 14:19:29 | 000,000,090 | ---- | C] () -- C:\Windows\ka.ini
[2008/03/30 20:30:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/03/30 20:30:26 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/03/30 20:30:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/03/30 20:30:26 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/03/30 20:30:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/03/30 20:30:26 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/03/30 20:30:26 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/03/30 20:30:26 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/03/30 20:30:26 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/03/30 20:30:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/03/30 20:30:26 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/03/30 20:30:26 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/03/30 20:30:26 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/03/30 20:30:26 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/03/30 20:30:26 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/03/30 20:30:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/03/30 20:29:16 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2008/03/30 18:19:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2007/11/06 19:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 19:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 19:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 19:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 19:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 19:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 19:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 18:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 18:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 18:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 18:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 19:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 19:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 19:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 19:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 17:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,349,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 14:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:2D5907B8
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:61A065F2
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#9 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:58 PM

Posted 18 March 2011 - 07:53 PM

Hi,

Still nothing really malicious

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe







Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    
    :processes
    killallprocesses
    
    :OTL
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:2D5907B8
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:60C897F3
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:61A065F2
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:D3A8AA31
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2BDCFAD6
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#10 enriquespappa

enriquespappa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 19 March 2011 - 04:54 PM

I accidently saved a file over the OTL after the RunFix ran. Here is the new OTL.txt. Also I had tried downloading SpywareDoctor thinking it was a free tool but it was only free to download. It said I had Trojan.Gen and Trojan.Maljava in my Java.Sun files. The other thing that I have been trying to remove is the aaa.exe.

OTL logfile created on: 3/19/2011 7:20:07 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\David\Desktop\PC Safety
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 287.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.56 Gb Total Space | 52.59 Gb Free Space | 52.30% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 0.99 Gb Free Space | 10.11% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/18 07:25:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\PC Safety\OTL.exe
PRC - [2011/03/18 06:59:12 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/18 00:47:42 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/11/22 19:15:16 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/08/20 14:08:28 | 003,467,096 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/01/07 14:07:38 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1214867651\ee\aolsoftware.exe
PRC - [2008/06/03 01:36:06 | 000,039,264 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/06/03 01:36:05 | 000,054,624 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 19:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/21 00:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/06/20 02:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007/06/19 19:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/06/16 01:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/05/18 07:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/04/25 15:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 14:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/18 07:25:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\PC Safety\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/04/01 10:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AtSync)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/20 19:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/01/07 14:07:38 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/05 14:12:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/19 14:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/16 17:51:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/01 13:32:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/18 22:15:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110204140809.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AOLToolBand Class) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIObi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1214867651\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262568921328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6a03a7d3-12f1-11de-8704-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{6a03a7d6-12f1-11de-8704-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{6a03a7d6-12f1-11de-8704-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe /AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/19 06:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/18 22:15:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/18 22:12:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/18 22:09:10 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\erunt
[2011/03/18 07:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2011/03/18 07:23:38 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/03/17 22:06:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\AOL
[2011/03/16 19:20:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Threat Expert
[2011/03/16 08:27:52 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0310.old
[2011/03/16 08:27:52 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0310.old
[2011/03/12 20:01:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/12 20:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/12 20:00:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/12 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/12 17:29:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/12 17:29:00 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/12 17:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/12 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\PCFix
[2011/03/09 07:16:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 07:16:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 07:16:06 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 07:16:06 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/02 07:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/03/02 07:36:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Windows Live
[2011/03/02 07:34:50 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

========== Files - Modified Within 30 Days ==========

[2011/03/19 07:25:46 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8FD58CFE-8ABE-4FBB-AEE8-26A411B93682}.job
[2011/03/19 07:25:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{24ADB6E4-755F-4C3E-8855-17A33B0BA8F9}.job
[2011/03/19 06:31:51 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 06:31:51 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 06:30:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/18 22:15:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/18 21:36:19 | 000,030,710 | ---- | M] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2011/03/18 21:36:19 | 000,010,752 | ---- | M] () -- C:\Users\David\Desktop\LWCF Email Addresses.xlr
[2011/03/18 21:11:04 | 000,001,356 | ---- | M] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2011/03/18 18:06:04 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/03/16 08:47:25 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/16 08:47:25 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/16 08:36:53 | 002,303,128 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/03/15 23:05:34 | 000,016,384 | ---- | M] () -- C:\Users\David\Desktop\Pay Calculator.xlr
[2011/03/11 21:21:58 | 000,017,408 | ---- | M] () -- C:\Users\David\Desktop\Trip Log.xlr
[2011/03/02 10:15:16 | 002,349,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/03/16 08:33:58 | 002,303,128 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/03/16 08:27:53 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0310.old
[2011/03/14 13:28:39 | 000,016,384 | ---- | C] () -- C:\Users\David\Desktop\Pay Calculator.xlr
[2011/02/12 11:14:26 | 000,339,155 | ---- | C] () -- C:\Users\David\AppData\Local\census.cache
[2011/02/12 11:13:48 | 000,202,255 | ---- | C] () -- C:\Users\David\AppData\Local\ars.cache
[2010/09/08 13:31:14 | 000,001,096 | ---- | C] () -- C:\Windows\BZII.INI
[2010/08/17 12:16:30 | 000,000,036 | ---- | C] () -- C:\Users\David\AppData\Local\housecall.guid.cache
[2010/07/15 11:47:20 | 000,002,994 | ---- | C] () -- C:\Users\David\AppData\Roaming\SAS7_000.DAT
[2010/05/16 08:44:53 | 000,000,087 | ---- | C] () -- C:\Users\David\AppData\Local\config.ini
[2010/05/02 21:40:25 | 000,168,867 | ---- | C] () -- C:\Users\David\AppData\Local\debuggee.mdmp
[2010/02/24 13:06:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\44C3B32B6C.sys
[2010/02/24 13:06:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/02/16 17:50:50 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/08 13:07:27 | 000,077,351 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 09:45:27 | 000,000,181 | ---- | C] () -- C:\Windows\wininit.ini
[2009/06/29 16:06:41 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/06/02 13:15:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/02 13:15:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/25 11:31:43 | 000,116,839 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/09/30 20:49:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/13 06:22:04 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/08/07 13:52:54 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/08/02 13:26:52 | 000,157,482 | ---- | C] () -- C:\Windows\hphins26.dat
[2008/08/02 13:26:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2008/07/02 23:22:41 | 000,030,710 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/07/02 23:21:42 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/07/02 12:15:23 | 000,000,193 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/07/01 15:20:05 | 000,029,184 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/01 10:53:15 | 000,001,356 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2008/06/30 19:11:54 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/26 14:19:29 | 000,000,090 | ---- | C] () -- C:\Windows\ka.ini
[2008/03/30 20:30:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/03/30 20:30:26 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/03/30 20:30:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/03/30 20:30:26 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/03/30 20:30:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/03/30 20:30:26 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/03/30 20:30:26 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/03/30 20:30:26 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/03/30 20:30:26 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/03/30 20:30:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/03/30 20:30:26 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/03/30 20:30:26 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/03/30 20:30:26 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/03/30 20:30:26 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/03/30 20:30:26 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/03/30 20:30:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/03/30 20:29:16 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2008/03/30 18:19:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2007/11/06 19:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 19:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 19:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 19:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 19:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 19:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 19:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 18:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 18:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 18:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 18:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 18:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 19:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 19:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 19:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 19:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 17:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,349,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 14:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

#11 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:58 PM

Posted 19 March 2011 - 05:04 PM

Looks ok, how are things running now ?

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#12 enriquespappa

enriquespappa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 19 March 2011 - 06:41 PM

I'm still getting a lot of drag every now and then. I noticed some sex tracker stuff that probably has been on there from the last owner of my lap top that I need to get off as well as some Registry Entries I might clear. What do you think of me removing:

O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - No CLSID value found.
O4 - HKLM..\Run: [NDSTray.exe] File not found

#13 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:58 PM

Posted 19 March 2011 - 07:22 PM

Hi,

If you look at your new OTL log we reset your hosts file so all those 01s are gone.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A6E4A4EB-D169-4E99-8988-250FCBAFE767} - No CLSID value found. <--This one is optional
O4 - HKLM..\Run: [NDSTray.exe] File not found <--This one is related to your toshiba laptop


Open Internet Explorer and go to Tools> Internet Options > Advanced Tab > Reset Internet Explorer Setting > Reset......this will take a minute or two and then ok your way out. Close IE and then reopen it and see if it made a difference.


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
http://www.eset.com/onlinescan/

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#14 enriquespappa

enriquespappa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 20 March 2011 - 08:15 PM

Really dumb question before I download ESET. Does downloading this in Safemode with Networking prevent anything else from being downloaded or will this leave me more open for attack since while in Safemode hardly any of my virus protection loads>

#15 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:05:58 PM

Posted 21 March 2011 - 03:35 AM

Good Morning,

When you run online scans like this its best to disable your AV as to not interfere with the scan, you can re enable it as soon as the scan is done. As long as your just running the scan and not browsing around you will be ok. When you run this scan in safemode with networking your AV will most likely not load, so your call to either disable it or run this scan in safemode

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users