dreamer

Everything posted by dreamer

  1. Malwarebytes won't update, or most or all of my AV stuff seems to be infected. I think it is a trojan? I run MB and it says no errors, but stuff keeps popping up. I am even having to use another computer to email this. Someone please help me.
  2. I am trying to help an employee get his PC uninfected. I could not download and run Malwarebytes from his computer. I was able to copy a setup file from my computer and move it to his, and it allowed me to load the software but NOT run an update. The first time I ran it, there were a lot of infections, several Trojans. I deleted them all. Ran again, but it does not show any infections. BUT MS Security will pop up an infected file screen every now and then. MB will still not allow me to update the version. And AVG errors too. Half the Malwarebytes forum will not work, so I am having to post this from my computer. Can someone help me with next steps?
  3. Done. Thanks. Any clue on how I got this? I don't remember doing anything different than I usually do, nor was I opening files when it started. I had hardly even used it the day it started.
  4. Done. Thanks. Any clue as to how I got this? I don't remember opening or doing anything different.
  5. I don't see a folder or file of that name. I don't see a folder \Local Settings\ in Administrator. ??? Everything seems to be OK since the Malwarebytes run.
  6. ComboFix 10-05-08.03 - Administrator 05/09/2010 15:48:33.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1941 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 ))))))))))))))))))))))))))))))) . 2010-05-09 18:32 . 2010-05-09 18:43 -------- d-----w- C:\Combo-Fix18610C 2010-05-09 17:12 . 2010-05-09 17:29 -------- d-----w- C:\Combo-Fix 2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf 2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe 2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook 2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-09 19:05 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData 2010-04-28 13:32 . 2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3 2010-04-27 13:22 . 
2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys 2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData 2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR 2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google 2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp 2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll 2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll 2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 20:47 . 
2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp 2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat 2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf ---- ((((((((((((((((((((((((((((( SnapShot@2010-05-09_17.25.18 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-09 19:45 . 2010-05-09 19:45 16384 c:\windows\Temp\Perflib_Perfdata_b88.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365] "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480] "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192] "Google Quick Search 
Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424] "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336] "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440] "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Intuit\\QuickBooks 
2007\\QBDBMgrN.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"= "c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496] R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064] R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864] R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104] S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program 
files\Google\Update\GoogleUpdate.exe [7/24/2009 7:18 PM 133104] S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872] S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192] S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968] S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2010-05-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-16 23:05] 2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18] 2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: intuit.com\ttlc Trusted Zone: isqft.com Trusted Zone: isqft.com\www Trusted Zone: isqft.com\www . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-09 15:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2896) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\windows journal\nbmaptip.dll c:\windows\IME\SPGRMR.DLL . Completion time: 2010-05-09 15:54:59 ComboFix-quarantined-files.txt 2010-05-09 19:54 ComboFix2.txt 2010-05-09 18:43 ComboFix3.txt 2010-05-09 17:29 Pre-Run: 13,815,136,256 bytes free Post-Run: 13,781,733,376 bytes free - - End Of File - - BF90E58C9F81881EC0D5E9D14E156A8A === Antivirus Version Last Update Result a-squared 4.5.0.50 2010.05.09 - AhnLab-V3 2010.05.09.00 2010.05.08 - AntiVir 8.2.1.236 2010.05.07 - Antiy-AVL 2.0.3.7 2010.05.07 - Authentium 5.2.0.5 2010.05.09 - Avast 4.8.1351.0 2010.05.09 - Avast5 5.0.332.0 2010.05.09 - AVG 9.0.0.787 2010.05.09 - BitDefender 7.2 2010.05.09 - CAT-QuickHeal 10.00 2010.05.08 - ClamAV 0.96.0.3-git 2010.05.09 - Comodo 4800 2010.05.09 - DrWeb 5.0.2.03300 2010.05.09 - eSafe 7.0.17.0 2010.05.09 - eTrust-Vet None 2010.05.07 - F-Prot 4.5.1.85 2010.05.09 - F-Secure 9.0.15370.0 2010.05.09 - Fortinet 4.1.133.0 2010.05.09 - GData 21 2010.05.09 - Ikarus T3.1.1.84.0 2010.05.09 - Jiangmin 13.0.900 2010.05.09 - Kaspersky 7.0.0.125 2010.05.09 - McAfee 5.400.0.1158 2010.05.09 - McAfee-GW-Edition 2010.1 2010.05.09 - Microsoft 1.5703 2010.05.09 - NOD32 5098 2010.05.09 - Norman 6.04.12 2010.05.09 - nProtect 2010-05-09.01 2010.05.09 - Panda 10.0.2.7 2010.05.09 - PCTools 7.0.3.5 2010.05.07 - Prevx 3.0 2010.05.09 - Rising 22.46.06.04 2010.05.09 - Sophos 
4.53.0 2010.05.09 - Sunbelt 6282 2010.05.09 - Symantec 20091.2.0.41 2010.05.09 - TheHacker 6.5.2.0.277 2010.05.09 - TrendMicro 9.120.0.1004 2010.05.09 - TrendMicro-HouseCall 9.120.0.1004 2010.05.09 - VBA32 3.12.12.4 2010.05.06 - ViRobot 2010.5.8.2306 2010.05.08 - VirusBuster 5.0.27.0 2010.05.09 - Additional information File size: 207056 bytes MD5...: aabf83058030d6cc6c12d43418c33c86 SHA1..: 645f4e23532136f28e4880149ea55e90770837f0 SHA256: 7162605f36e71caabf4a1d765e2a193dd25546b9cf1157805e68c0e94f74db13 ssdeep: 3072:YW/koiDeUJOFIXBKZ2rR9GxIoFzZxoFftz+YKXidb3e+yIHkADvUhRJpeRc :YW8oWJweBDR9GxIet6ZEYMidb3jjhUhZ PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - trid..: Adobe Portable Document Format (100.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned pdfid.: PDF Header: %PDF-1.3 obj 36 endobj 36 stream 10 endstream 9 xref 1 trailer 1 startxref 1 /Page 2 /Encrypt 0 /ObjStm 0 /JS 0 /JavaScript 0 /AA 0 /OpenAction 0 /AcroForm 0 /JBIG2Decode 0 /RichMedia 0 /Launch 0 /Colors > 2^24 0
  7. ComboFix 10-05-08.03 - Administrator 05/09/2010 14:33:51.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1746 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} file zipped: d:\setupsnk.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . d:\setupsnk.exe . ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 ))))))))))))))))))))))))))))))) . 2010-05-09 17:12 . 2010-05-09 17:29 -------- d-----w- C:\Combo-Fix 2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf 2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe 2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook 2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-09 17:09 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData 2010-04-28 13:32 . 
2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3 2010-04-27 13:22 . 2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys 2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData 2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR 2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google 2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp 2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll 2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll 2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 
2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 20:47 . 2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp 2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat 2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll . ((((((((((((((((((((((((((((( SnapShot@2010-05-09_17.25.18 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-09 18:38 . 2010-05-09 18:38 16384 c:\windows\Temp\Perflib_Perfdata_ba8.dat + 2010-05-09 18:38 . 2010-05-09 18:38 16384 c:\windows\Temp\Perflib_Perfdata_928.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365] "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480] "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192] "Google Quick Search Box"="c:\program files\Google\Quick Search 
Box\GoogleQuickSearchBox.exe" [2009-07-16 122368] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424] "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336] "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440] "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= 
"c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"= "c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496] R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064] R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864] R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104] S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program files\Google\Update\GoogleUpdate.exe 
[7/24/2009 7:18 PM 133104] S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872] S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632] S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192] S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968] S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2010-05-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-16 23:05] 2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18] 2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: intuit.com\ttlc Trusted Zone: isqft.com Trusted Zone: isqft.com\www Trusted Zone: isqft.com\www . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-09 14:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2688) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\windows journal\nbmaptip.dll c:\windows\IME\SPGRMR.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe c:\windows\System32\SCardSvr.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\windows\System32\tabbtnu.exe c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe c:\windows\System32\digtizer.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\lotus\notes\ntmulti.exe c:\windows\system32\o2flash.exe c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe c:\windows\system32\wdfmgr.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\wscntfy.exe c:\windows\AGRSMMSG.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fujitsu\Utils\FjDspMon.exe c:\program files\Fujitsu\Utils\fjevents.exe c:\windows\system32\igfxext.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe . ************************************************************************** . 
Completion time: 2010-05-09 14:43:33 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-09 18:43 ComboFix2.txt 2010-05-09 17:29 Pre-Run: 13,847,633,920 bytes free Post-Run: 13,813,817,344 bytes free - - End Of File - - E2330FB0497754AB7EE6F49CDC0A9E4D
  8. ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/05/09 14:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP Tablet PC Edition SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\Combo-Fix\catchme.sys
Address: 0xBA458000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xBA118000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x98761000 Size: 876544 File Visible: No Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
Address: 0xBA430000 Size: 20864 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xBA62C000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x97B36000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\HPSLPS001.log
Status: Locked to the Windows API!

Path: d:\setupsnk.exe
Status: Size mismatch (API: 28672, Raw: 1049901663130775552)

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_restore{8152C0C8-324C-4987-80CA-A441BE6B69A5}
Status: Visible to the Windows API, but not on disk.

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\change.log.2
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\RestorePointSize
Status: Invisible to the Windows API!

Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\*
Status: Could not enumerate files with the Windows API (0x00000003)!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106980.ini
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106994.ini
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106996.INF
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\change.log
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\change.log.1
Status: Invisible to the Windows API!

Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\RestorePointSize
Status: Invisible to the Windows API!

==EOF==
  9. ComboFix 10-05-08.02 - Administrator 05/09/2010 13:17:57.1.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1806 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AbaleZip.dll
c:\windows\Tasks.\nfowedgj.job
c:\windows\Temp\tmp3.tmp
D:\Autorun.inf
c:\windows\Tasks.\nfowedgj.job . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.
2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf
2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe
2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook
2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 17:09 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-04-28 13:32 . 2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-04-27 13:22 . 2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR
2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google
2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp
2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 20:47 . 2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp
2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat
2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"=
"c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104]
S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program files\Google\Update\GoogleUpdate.exe [7/24/2009 7:18 PM 133104]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: isqft.com
Trusted Zone: isqft.com\www
Trusted Zone: isqft.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{41890007-d1c6-405e-be05-335a39c03e6f} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 13:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\windows\System32\digtizer.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\lotus\notes\ntmulti.exe
c:\windows\system32\o2flash.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\AGRSMMSG.exe
c:\program files\Fujitsu\Utils\FjDspMon.exe
c:\program files\Fujitsu\Utils\fjevents.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-09 13:29:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-09 17:29

Pre-Run: 13,062,860,800 bytes free
Post-Run: 13,849,145,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 71A9A5D9F780D4C21E1AFF33C931BCD6
  10. FYI: when removing files, it said some were not able to be removed.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4083

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/9/2010 12:23:37 PM
mbam-log-2010-05-09 (12-23-37).txt

Scan type: Quick scan
Objects scanned: 140613
Time elapsed: 18 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdmjstiw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdmjstiw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Application Data\etyfivgrf\kobmxyltssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.
  11. 1. Below is the log file from running Malwarebytes. I already had it loaded. The virus would not let me update MBAM. The virus would not let me run the checker unless I rebooted and quickly started the program. If I waited for the reboot to finish loading programs, it would come up with "program infected, would you like to load anti-virus software?"

2. It let me run defogger.exe, but it never asked me to reboot. I rebooted on my own and ran this several times, same result.

3. Dds.scr would not let me run the program. It asked me what program should run this file type.

4. Gmer program. It would run only if I could start it fast on reboot, as in number 1 above. When it ran, it either would reboot on its own without finishing (I don't think it finished) or it would hang and not move/scan a file for an hour or so.

Looking forward to hearing from you on the next step.

Malwarebytes' Anti-Malware 1.44
Database version: 3926
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/8/2010 6:52:02 PM
mbam-log-2010-05-08 (18-52-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 207656
Time elapsed: 56 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  12. Thank you. I already have it loaded. It won't let me do an update. When I reboot, I can run MBAM only if I start the program really fast before, I am assuming, the virus starts running, because if I wait it will not pull up the MBAM screen. Once up, though, it will run. I've run it several times and it finds something each time, with the name Fraudpack or Dropper. If I try to pull up the log, it will pull it up really quickly, then go away. It will not stay up long enough for me to save it somewhere else. I will try to find the file and copy it from there, and try to run some more of the programs in the list you gave. Last time, on my son's computer, I had to download stuff to run on another computer and move it over. I will try to continue with your list until I hear back from you.
  13. I keep getting screens saying I have viruses and pretending to search the computer. It won't let me go to or run any virus removal software. Someone helped me remove something like this before from my son's computer, and now I have it. What do I need to do?
  14. Thank you. I will donate to your cause. Can I run these programs on my other PC as a backup check? Also, I have a couple of PCs that seem to have a lot of junk running on startup. I run CCleaner, but I would like to know if there is a program that will tell me flat out that a given program doesn't need to be in the startup programs. Thoughts?
  15. This is the OTL run. I didn't add the list of custom scans/fixes like you asked me to for the first run, since you didn't say to this time. Here are the results. OK?

OTL logfile created on: 3/29/2010 8:29:54 PM - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Lynn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 76.62 Gb Free Space | 51.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LYNN-PC
Current User Name: Lynn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter High-Speed Security Suite\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)
PRC - C:\ProgramData\WebEx\MyWebEx\319\raagtapp.exe ()
PRC - C:\ProgramData\WebEx\MyWebEx\319\rapanel.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
PRC - C:\IDrive\IDriveEBackground.exe (Pro Softnet Corp.)
PRC - C:\Program Files\MyWebEx\Mobile Access\PCNowMobileClient.exe (WebEx Communications)
PRC - C:\IDrive\IDriveETray.exe (Pro Softnet Corp.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Charter High-Speed Security Suite\Spam Control\fsscoepl.dll (F-Secure Corporation)
MOD - \\?\c:\program files\charter high-speed security suite\hips\fshook32.dll ()
MOD - C:\Windows\IME\SPTIP.DLL (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FSORSPClient) -- C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (atnthost) -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (FSMA) -- C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (IDriveE Service) -- C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (F-Secure Gatekeeper) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsrec.sys ()
DRV - (fsvista) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsvista.sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION) DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) 
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) 
========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:02:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter High-Speed Security Suite\NRS\litmus-ff@f-secure.com [2010/01/12 11:11:07 | 000,000,000 | ---D | M] [2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions [2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) 
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.) 
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [iDriveE Startup] C:\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.) 
O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - 
C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: classbsf.org ([www] https in Trusted sites) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://www.classbsf.org/Reserved.ReportVie...OpType=PrintCab (RSClientPrint 2005 Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} https://www.idrive.com/idrivee/jsp/OzDesktopImporter.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://certaprosupport.webex.com/client/T2...rt/ieatgpc1.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.177.176.38 24.217.0.5 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - 
C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) 
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG O24 - Desktop BackupWallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security 
Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell - "" = AutoRun O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell - "" = AutoRun O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/03/28 20:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/03/28 13:51:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/03/28 13:51:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/03/28 13:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/28 13:19:47 | 000,000,000 | ---D | C] -- C:\_OTL [2010/03/27 17:09:48 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe [2010/03/24 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Desktop\Bryan [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! 
Companion [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Yahoo! [2010/03/24 19:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! [2010/03/24 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/03/24 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Uniblue [2010/03/24 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\AVG8 [2010/03/23 19:52:37 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Malwarebytes [2010/03/23 19:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/03/22 18:20:01 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Documents\Downloads [2010/03/21 04:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater [2010/03/11 10:38:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2010/03/11 10:38:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2010/03/02 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\IsolatedStorage [2010/03/01 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\V-Safe 100 ========== Files - Modified Within 30 Days ========== [2010/03/29 20:31:40 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job [2010/03/29 20:29:04 | 003,407,872 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT [2010/03/29 20:24:08 | 000,000,350 | ---- | M] () -- C:\Users\Lynn\Desktop\Malwarebytes Forum - Malware Removal - HijackThis Logs.url [2010/03/29 19:51:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/03/29 19:42:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/03/29 19:42:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/03/29 18:07:33 | 000,000,882 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/03/29 17:46:22 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/03/29 17:42:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/29 17:42:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/03/29 17:42:27 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys [2010/03/29 16:21:14 | 000,524,288 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/03/29 16:21:14 | 000,065,536 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/03/29 16:20:47 | 003,107,173 | -H-- | M] () -- C:\Users\Lynn\AppData\Local\IconCache.db [2010/03/28 13:51:41 | 000,000,829 | ---- | M] () -- C:\Users\Lynn\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/27 20:41:01 | 000,717,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/03/27 20:41:01 | 000,613,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/03/27 20:41:01 | 000,108,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/03/27 16:08:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe [2010/03/24 19:38:10 | 000,001,681 | ---- | M] () -- C:\Users\Lynn\Desktop\CCleaner.lnk [2010/03/23 19:11:22 | 000,002,627 | ---- | M] () -- C:\Users\Lynn\Desktop\Microsoft Office Word 2007.lnk [2010/03/22 13:56:59 | 040,312,832 | ---- | M] () -- C:\Users\Lynn\Desktop\CertaPro Painters Master Quickbooks (2007) (Backup Mar 22,2010 01 55 PM).QBB [2010/03/21 11:25:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/03/20 17:12:48 | 000,353,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/03/02 18:13:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2010/03/02 15:46:40 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk ========== Files Created - No Company Name ========== 
[2010/03/29 09:22:01 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job [2010/03/29 09:16:27 | 000,000,350 | ---- | C] () -- C:\Users\Lynn\Desktop\Malwarebytes Forum - Malware Removal - HijackThis Logs.url [2010/03/28 13:51:41 | 000,000,829 | ---- | C] () -- C:\Users\Lynn\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/24 19:38:10 | 000,001,681 | ---- | C] () -- C:\Users\Lynn\Desktop\CCleaner.lnk [2010/03/22 13:56:11 | 040,312,832 | ---- | C] () -- C:\Users\Lynn\Desktop\CertaPro Painters Master Quickbooks (2007) (Backup Mar 22,2010 01 55 PM).QBB [2010/03/19 13:30:47 | 2011,217,920 | -HS- | C] () -- C:\hiberfil.sys [2010/03/02 18:13:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2010/03/02 15:46:40 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk [2009/10/05 23:06:02 | 000,000,680 | ---- | C] () -- C:\Users\Lynn\AppData\Local\d3d9caps.dat [2009/09/18 17:15:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009/02/27 09:19:22 | 000,006,778 | ---- | C] () -- C:\Users\Lynn\AppData\Roaming\PrimoPDFSet.xml [2009/02/27 09:16:47 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2009/01/16 20:33:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/01/14 13:25:40 | 000,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys [2008/12/24 10:50:24 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2008/07/15 16:24:25 | 000,009,216 | ---- | C] () -- C:\Users\Lynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/06/22 12:36:30 | 000,001,714 | ---- | C] () -- C:\Users\Lynn\AppData\Roaming\wklnhst.dat [2008/04/28 13:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini [2008/01/25 16:58:54 | 000,017,511 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008/01/25 13:05:59 | 000,000,092 | ---- | C] () -- 
C:\Users\Lynn\AppData\Local\fusioncache.dat [2007/08/22 16:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007/08/22 16:18:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007/08/22 16:18:54 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007/08/22 16:18:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007/08/22 16:18:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007/08/22 16:18:54 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007/08/22 16:18:54 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007/08/22 15:49:10 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007/08/22 15:49:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007/08/22 15:49:10 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007/08/22 15:49:10 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007/08/22 15:45:08 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007/07/28 02:26:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report >
  16. Here are the results.
==========
I am assuming that all this stuff I've posted publicly is OK? Nothing anyone can use for further damage? I haven't tested much, but I am assuming that everything is OK and I am good to go?
What is your process? You make me run some things, then you look at it and determine and build the fix? Do you have another program to use, or do you just look for bad files? Just curious about the process. What would have been my other options to fix this? Thank you, and I will donate for sure if you give me an idea about the process and answer the above. Just curious, not trying to steal your secrets. Thank you again.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0a35ffc7358ed04fbdf9687fabc7bc12
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-29 03:38:50
# local_time=2010-03-28 11:38:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 106431209 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=190488
# found=0
# cleaned=0
# scan_time=10249
=====================
Malwarebytes' Anti-Malware 1.44
Database version: 3924
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
3/28/2010 6:39:36 PM
mbam-log-2010-03-28 (18-39-36).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 314722
Time elapsed: 1 hour(s), 42 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\_OTL\MovedFiles\03282010_163302\C_Users\Lynn\AppData\Local\rdr_1269296129.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03282010_163302\C_Users\Lynn\AppData\Local\rdr_1269312931.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03282010_163302\C_Users\Lynn\AppData\Local\rdr_1269367689.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03282010_163302\C_Windows\bill104.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03282010_163302\C_Windows\System32\erokosvc.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03282010_163302\C_Windows\System32\drivers\imapioko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\System32\erokosvc.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
===========================
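The poster asks how a helper turns scan logs into a fix. One mechanical part of that work is cross-referencing what one tool quarantined against what another tool still lists as loaded. The script below is an added example and is not part of this thread, nor code from Malwarebytes or OTL: it parses the "Infected" lines of the Malwarebytes log above and the `SRV`/`DRV` inventory lines of the OTL logs in this thread, then flags OTL entries whose service name or image file basename matches a quarantined item, and, as a weaker signal, entries whose image carries no company name. The sample input is constructed from lines copied from the logs on this page, trimmed to a few entries; the matching heuristics are the example's own assumptions, not how any forum helper or tool actually works. In particular, an empty company name is only a prompt to look closer (the F-Secure `fsbts.sys` line on this page has one and is legitimate), not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the Malwarebytes and OTL logs
# posted in this thread, trimmed to the entries the example needs.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Quarantined and deleted successfully.
Files Infected:
C:\_OTL\MovedFiles\03282010_163302\C_Windows\System32\erokosvc.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\03282010_163302\C_Windows\System32\drivers\imapioko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\System32\erokosvc.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
"""

OTL_LOG = r"""
SRV - (cpqoko6) -- C:\Windows\System32\erokosvc.dll (Gteko Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
DRV - (apto6ko) -- C:\Windows\System32\drivers\imapioko.sys (Adobe Systems)
DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
"""

# "<item> (<detection>) -> <action>" as written by Malwarebytes 1.x logs.
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> ")
# "SRV - (name) [description] -- path (company)" as written by OTL.
OTL_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\).*? -- (?P<path>.+?) \((?P<company>[^()]*)\)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str
    name: str
    path: str
    reason: str


def parse_mbam(text):
    """Collect IOCs from MBAM 'Infected' lines: service names, svchost group
    names and file basenames (all lower-cased for case-insensitive matching)."""
    iocs = {"services": set(), "svchost_groups": set(), "files": set()}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        item = m.group("item")
        parts = item.split("\\")
        low = item.lower()
        if item.startswith("HKEY_"):
            if "\\services\\" in low:
                iocs["services"].add(parts[-1].lower())
            elif "\\svchost\\" in low:
                iocs["svchost_groups"].add(parts[-1].lower())
        else:
            # OTL moves files under C:\_OTL\MovedFiles but keeps the basename,
            # so the basename still links a quarantine entry to its live path.
            iocs["files"].add(parts[-1].lower())
    return iocs


def parse_otl(text):
    """Return the SRV/DRV inventory lines of an OTL log as dicts."""
    return [m.groupdict() for m in (OTL_RE.match(l.strip()) for l in text.splitlines()) if m]


def correlate(iocs, entries):
    """Flag OTL entries that match a quarantined service/file, or carry no company name."""
    findings = []
    for e in entries:
        basename = e["path"].split("\\")[-1].lower()
        if e["name"].lower() in iocs["services"]:
            findings.append(Finding(e["kind"], e["name"], e["path"], "service key named in MBAM detections"))
        elif basename in iocs["files"]:
            findings.append(Finding(e["kind"], e["name"], e["path"], f"loads {basename}, a file MBAM quarantined"))
        elif not e["company"].strip():
            findings.append(Finding(e["kind"], e["name"], e["path"], "no company name in image (unverified publisher)"))
    return findings


if __name__ == "__main__":
    for f in correlate(parse_mbam(MBAM_LOG), parse_otl(OTL_LOG)):
        print(f"{f.kind} {f.name}: {f.path} -- {f.reason}")
```

Run against the sample, the script pairs the `cpqoko6` service with the quarantined registry key, pairs the `apto6ko` driver with the quarantined `imapioko.sys` even though the driver's company string claims "Adobe Systems", leaves `WinDefend` and the Realtek driver alone, and lists `fsbts` only as "no company name", which is the kind of entry a helper would then verify by hand rather than delete.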
  17. Something didn't work. I could not update MBAM; it would not let me, as before. Error code 732 (12007,0).
- Below is the result of the OTL fix. One thing I noticed: the things you asked me to copy to the scan box had someone else's info in them, i.e. C:\Documents and Settings\Dona Roell\Application Data. This should be ...\Lynn\...??
- Uninstalled Malwarebytes and installed it again after it wouldn't work, just in case. Same error as above.
- Reran OTL again in case you needed that. Results below. Ran it twice, but it never created the extra.txt file. ?
HELP

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\bisomasu.dll deleted successfully.
File c:\windows\system32\bisomasu.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRIxuTN\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xmjtnzpc\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57023d58-d5be-11dd-9a0a-0050ba548a7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57023d58-d5be-11dd-9a0a-0050ba548a7c}\ not found.
File D:\USBAutoRun.exe not found.
File C:\WINDOWS\System32\sajuyaya.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Lynn
->Temp folder emptied: 2409388 bytes
->Temporary Internet Files folder emptied: 26666486 bytes
->Java cache emptied: 66402731 bytes
->Flash cache emptied: 1895120 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1779617 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 95.00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03282010_131947
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\WebEx\Log\328\atashost.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\WebEx\Log\328\atnthost.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
===================
Rerun of OTL just in case you need it
==================
OTL logfile created on: 3/28/2010 1:59:40 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Lynn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 76.94 Gb Free Space | 52.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 3.81 Gb Total Space | 3.36 Gb Free Space | 88.38% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LYNN-PC
Current User Name: Lynn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) PRC - C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.) PRC - C:\ProgramData\WebEx\MyWebEx\319\raagtapp.exe () PRC - C:\ProgramData\WebEx\MyWebEx\319\rapanel.exe () PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.) PRC - C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation) PRC - C:\IDrive\IDriveEBackground.exe (Pro Softnet Corp.) PRC - C:\Program Files\MyWebEx\Mobile Access\PCNowMobileClient.exe (WebEx Communications) PRC - C:\IDrive\IDriveETray.exe (Pro Softnet Corp.) 
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.) 
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Users\Lynn\AppData\Roaming\U3\0000184AA474C9C6\LaunchPad.exe () PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe () PRC - C:\Toshiba\IVP\ISM\pinger.exe () PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Charter High-Speed Security Suite\Spam Control\fsscoepl.dll (F-Secure Corporation) MOD - \\?\c:\program files\charter high-speed security suite\hips\fshook32.dll () MOD - C:\Windows\IME\SPTIP.DLL (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (FSORSPClient) -- C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (FSDFWD) -- C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe (F-Secure Corporation) SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) SRV - (atnthost) -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) SRV - (FSMA) -- C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (cpqoko6) -- C:\Windows\System32\erokosvc.dll (Gteko Ltd.) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.) SRV - (IDriveE Service) -- C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation) SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe () SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe () SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys () DRV - (F-Secure Gatekeeper) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys () DRV - (F-Secure HIPS) -- C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsrec.sys () DRV - (fsvista) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsvista.sys () DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (apto6ko) -- C:\Windows\System32\drivers\imapioko.sys (Adobe Systems) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) 
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION) DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) 
  18. FYI, now when I click in IE a box comes up saying IE has stopped working... and it won't load.
  19. Thank you for your help. I am getting behind on my work, FYI. I had to move the programs and log files back and forth from another computer because the infected one won't let me get to this website.

  OTL logfile created on: 3/27/2010 8:42:07 PM - Run 1
  OTL by OldTimer - Version 3.1.37.3
  Folder = C:\Users\Lynn\Desktop
  Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
  Internet Explorer (Version = 8.0.6001.18882)
  Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
  2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
  4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
  Paging file location(s): ?:\pagefile.sys [binary data]
  %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
  Drive C: | 147.58 Gb Total Space | 76.94 Gb Free Space | 52.13% Space Free | Partition Type: NTFS
  D: Drive not present or media not loaded
  Drive E: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
  F: Drive not present or media not loaded
  Drive G: | 3.81 Gb Total Space | 3.36 Gb Free Space | 88.38% Space Free | Partition Type: FAT32
  H: Drive not present or media not loaded
  I: Drive not present or media not loaded
  Computer Name: LYNN-PC
  Current User Name: Lynn
  Logged in as Administrator.
  Current Boot Mode: Normal
  Scan Mode: Current user
  Company Name Whitelist: Off
  Skip Microsoft Files: Off
  File Age = 30 Days
  Output = Minimal
PRC - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) PRC - C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.) PRC - C:\ProgramData\WebEx\MyWebEx\319\raagtapp.exe () PRC - C:\ProgramData\WebEx\MyWebEx\319\rapanel.exe () PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.) PRC - C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation) PRC - C:\IDrive\IDriveEBackground.exe (Pro Softnet Corp.) PRC - C:\Program Files\MyWebEx\Mobile Access\PCNowMobileClient.exe (WebEx Communications) PRC - C:\IDrive\IDriveETray.exe (Pro Softnet Corp.) 
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Users\Lynn\AppData\Roaming\U3\0000184AA474C9C6\LaunchPad.exe ()
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Charter High-Speed Security Suite\Spam Control\fsscoepl.dll (F-Secure Corporation)
MOD - \\?\c:\program files\charter high-speed security suite\hips\fshook32.dll ()
MOD - C:\Windows\IME\SPTIP.DLL (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FSORSPClient) -- C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (atnthost) -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (FSMA) -- C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (cpqoko6) -- C:\Windows\System32\erokosvc.dll (Gteko Ltd.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (IDriveE Service) -- C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsrec.sys ()
DRV - (fsvista) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsvista.sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (apto6ko) -- C:\Windows\System32\drivers\imapioko.sys (Adobe Systems)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter High-Speed Security Suite\NRS\litmus-ff@f-secure.com [2010/01/12 11:11:07 | 000,000,000 | ---D | M]

[2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions
[2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [iDriveE Startup] C:\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: classbsf.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://www.classbsf.org/Reserved.ReportVie...OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} https://www.idrive.com/idrivee/jsp/OzDesktopImporter.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://certaprosupport.webex.com/client/T2...rt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.177.176.38 24.217.0.5
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG O24 - Desktop BackupWallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security 
Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007/02/12 15:53:42 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell - "" = AutoRun O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell - "" = AutoRun O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/02/12 21:33:37 | 001,110,016 | R--- | M] () O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008/12/23 18:36:42 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found OTL cannot create restorepoints on Vista OSs! 
========== Files/Folders - Created Within 30 Days ========== [2010/03/27 17:09:48 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe [2010/03/25 19:30:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/03/25 19:30:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/03/24 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Desktop\Bryan [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Yahoo! [2010/03/24 19:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! [2010/03/24 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/03/24 19:37:38 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Users\Lynn\Desktop\ccsetup228.exe [2010/03/24 19:36:43 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lynn\Desktop\mbam-setup.exe [2010/03/24 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Uniblue [2010/03/24 19:08:52 | 004,023,064 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\Lynn\Desktop\registrybooster.exe [2010/03/24 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\AVG8 [2010/03/24 19:00:48 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Lynn\Desktop\avg_free_stb_all_9_40_cnet.exe [2010/03/23 19:52:37 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Malwarebytes [2010/03/23 19:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/23 19:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/03/23 14:08:38 | 000,223,744 | ---- | C] (Sun Microsystems) -- C:\Users\Lynn\AppData\Local\rdr_1269367689.exe [2010/03/22 22:55:51 | 000,226,304 | ---- | C] (Iomega Corporation) -- C:\Users\Lynn\AppData\Local\rdr_1269312931.exe [2010/03/22 18:20:01 | 000,000,000 | ---D | C] -- 
C:\Users\Lynn\Documents\Downloads [2010/03/22 18:15:56 | 000,223,744 | ---- | C] (Philips) -- C:\Users\Lynn\AppData\Local\rdr_1269296129.exe [2010/03/21 04:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater [2010/03/19 08:19:19 | 000,224,768 | ---- | C] (Lexmark) -- C:\Users\Lynn\AppData\Local\rdr_1269001124.exe [2010/03/11 10:38:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2010/03/11 10:38:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2010/03/02 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\IsolatedStorage [2010/03/01 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\V-Safe 100 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/27 20:41:14 | 003,407,872 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT [2010/03/27 20:41:01 | 000,717,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/03/27 20:41:01 | 000,613,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/03/27 20:41:01 | 000,108,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/03/27 20:36:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/03/27 20:36:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/03/27 19:51:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/03/27 18:45:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/03/27 17:12:09 | 000,293,376 | ---- | M] () -- C:\Users\Lynn\Desktop\lb0nj5fj.exe [2010/03/27 16:10:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/03/27 16:10:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/03/27 16:08:03 | 000,555,520 | ---- | M] (OldTimer 
Tools) -- C:\Users\Lynn\Desktop\OTL.exe [2010/03/27 14:36:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/27 14:36:12 | 2009,133,056 | -HS- | M] () -- C:\hiberfil.sys [2010/03/25 20:52:29 | 331,450,006 | ---- | M] () -- C:\Users\Lynn\Desktop\resedit backup.reg [2010/03/25 19:30:29 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/25 14:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/03/25 14:56:19 | 000,065,536 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/03/25 14:55:44 | 004,007,481 | -H-- | M] () -- C:\Users\Lynn\AppData\Local\IconCache.db [2010/03/24 19:38:10 | 000,001,681 | ---- | M] () -- C:\Users\Lynn\Desktop\CCleaner.lnk [2010/03/24 19:35:49 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Users\Lynn\Desktop\ccsetup228.exe [2010/03/23 19:47:40 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lynn\Desktop\mbam-setup.exe [2010/03/23 19:13:51 | 000,393,911 | ---- | M] () -- C:\Users\Lynn\Desktop\Doc1after1deleteI think.docx [2010/03/23 19:11:22 | 000,002,627 | ---- | M] () -- C:\Users\Lynn\Desktop\Microsoft Office Word 2007.lnk [2010/03/23 14:08:38 | 000,223,744 | ---- | M] (Sun Microsystems) -- C:\Users\Lynn\AppData\Local\rdr_1269367689.exe [2010/03/23 14:08:09 | 000,000,001 | ---- | M] () -- C:\Windows\ligh [2010/03/23 13:47:08 | 000,329,645 | ---- | M] () -- C:\Users\Lynn\Desktop\Doc1.docx [2010/03/22 22:55:51 | 000,226,304 | ---- | M] (Iomega Corporation) -- C:\Users\Lynn\AppData\Local\rdr_1269312931.exe [2010/03/22 18:16:17 | 000,223,744 | ---- | M] (Philips) -- C:\Users\Lynn\AppData\Local\rdr_1269296129.exe [2010/03/22 13:56:59 | 040,312,832 | ---- | M] () -- C:\Users\Lynn\Desktop\CertaPro Painters Master Quickbooks (2007) (Backup Mar 22,2010 01 55 PM).QBB [2010/03/21 11:25:41 | 000,002,231 | ---- | M] () -- 
C:\Users\Public\Desktop\iTunes.lnk [2010/03/20 17:12:48 | 000,353,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/03/19 13:41:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\
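An added triage example, not part of the original post and not OTL's own code: a short Python script that walks OTL-style lines like the ones above and flags the entries that matter most when a fake-AV infection is suspected. It checks the exefile/comfile "open" handlers (O35/O37), which must be exactly "%1" %*; the Winlogon Shell and UserInit values (O20); AppInit_DLLs (O20); and MountPoints2 AutoRun commands (O33). The sample lines are constructed: the first six are copied from the log above, and the last two are invented to show what a hijacked Shell value and a hijacked exefile handler look like (the C:\Users\x paths in them are hypothetical).

```python
"""Triage OTL-style log lines for the autostart / association hijacks that
fake-AV malware typically uses. Added example; not from the forum post."""
import re

# Expected defaults on Windows XP / Vista. Anything else deserves a close look.
SHELL_OK = "explorer.exe"
USERINIT_OK = re.compile(r"^c:\\windows\\system32\\userinit\.exe,?$", re.IGNORECASE)
HANDLER_OK = '"%1" %*'

# Constructed sample in the format OTL prints. The first six lines are copied
# from the posted log; the last two are made up to show a hijacked Winlogon
# Shell value and a hijacked exefile handler (C:\Users\x is hypothetical).
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O20 - HKLM Winlogon: Shell - (explorer.exe,C:\Users\x\AppData\Local\svchost.exe) - C:\Users\x\AppData\Local\svchost.exe ()
O35 - HKLM\..exefile [open] -- "C:\Users\x\AppData\Local\av.exe" /START "%1" %*
"""


def _paren_value(line):
    """Return the first (...) group; OTL prints the raw registry value there."""
    m = re.search(r"\((.*?)\)", line)
    return m.group(1) if m else ""


def triage(lines):
    """Return a list of (severity, reason, line) for every line that deviates
    from the expected defaults. A clean log yields an empty list."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        tag = line[:3]
        if tag in ("O35", "O37"):
            # 'O35 - HKLM\..exefile [open] -- <command>'; anything but "%1" %*
            # means every .exe launch is routed through the attacker's binary.
            command = line.split(" -- ", 1)[-1].strip()
            if command != HANDLER_OK:
                findings.append(("HIGH", "exe/com file association hijacked", line))
        elif tag == "O20" and "Winlogon: Shell" in line:
            if _paren_value(line).lower() != SHELL_OK:
                findings.append(("HIGH", "Winlogon Shell not plain explorer.exe", line))
        elif tag == "O20" and "Winlogon: UserInit" in line:
            if not USERINIT_OK.match(_paren_value(line)):
                findings.append(("HIGH", "Winlogon UserInit replaced", line))
        elif tag == "O20" and "AppInit_DLLs" in line:
            # Any DLL listed here is loaded into every process that loads user32.
            if _paren_value(line):
                findings.append(("MEDIUM", "AppInit_DLLs loads a DLL into every GUI process", line))
        elif tag == "O33" and r"\AutoRun\command" in line:
            # 'O33 - MountPoints2\<id>\Shell\AutoRun\command - "" = <cmd> -- <status>'
            status = line.rsplit(" -- ", 1)[-1] if " -- " in line else ""
            reason = "removable-media AutoRun command"
            if status.startswith("File not found"):
                reason += " (target missing, orphaned entry)"
            findings.append(("INFO", reason, line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {reason}\n    {line}")
```

Run against the log posted above, the script flags only the Google Desktop AppInit_DLLs entry and the three LaunchU3.exe MountPoints2 entries (two of them pointing at a file that no longer exists); the exefile/comfile handlers, Shell and UserInit are all at their defaults, so this particular log does not show the association hijack that fake-AV families often use to run themselves ahead of every program the user launches.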
20. I posted the below in another forum and was told to do the tasks in the main topic "........wtopic=9573." Then come here and make a post. I saw another topic that said to run another set of programs (OTL). This topic http://forums.malwarebytes.org/index.php?s...locking+website ... so I am confused about what I should do next. In the main topic 9573, which seems to be the starting point, it won't let me update MBAM. So should I finish the main topic 9573 link tasks, including the "defogger, etc.", or try the OTL topic? Plus it seems that different steps may be needed after I run and post results. Can someone push me in the right direction to get started? Thanks

=== My original post

1. I found the trojan.fakeav.kue via Charter's virus checker. It removed it, but it keeps coming back. Symptoms are fake virus checkers that keep popping up and running. Files found were: Trojan.fakeav.kue, and other times it found: Trojan.generic.354066. After I removed the kue file and ran the checker again it would find the generic.354066 file.

2. It got to where I could not go to the malwarebytes.org site from IE. I loaded Chrome and same thing. (Other sites worked: weather, eBay, etc.) The AVG site did not work either; it came back "site not found". I have no idea if this is related, but it surely appears to be, based on the failed Malwarebytes update below.

3. I downloaded Malwarebytes via another computer and transferred it to the bad one. Got Malwarebytes to load. Tried running the update and it came back with error 732 (12007,0) Contact Malwarebytes support. The update version it downloaded was 3510.

4. I ran the scanner anyway, and it found the below.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/23/2010 8:11:45 PM
mbam-log-2010-03-23 (20-11-45).txt

Scan type: Quick Scan
Objects scanned: 118077
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

5. Ran it again, but it came back with nothing.

6. Opened up IE and the fake virus keeps coming back. HELP.

FYI: I followed the Malwarebytes admin steps above, and also turned wireless off at times (tried both ways) when running. But I was always connected to wireless when trying to update or try sites; I only turned it off when running the scanner (popups would come up during the scan) or rebooting.
21. 1. I found the trojan.fakeav.kue via Charter's virus checker. It removed it, but it keeps coming back. Symptoms are fake virus checkers that keep popping up and running. Files found were: Trojan.fakeav.kue, and other times it found: Trojan.generic.354066. After I removed the kue file and ran the checker again it would find the generic.354066 file.

2. It got to where I could not go to the malwarebytes.org site from IE. I loaded Chrome and same thing. (Other sites worked: weather, eBay, etc.) The AVG site did not work either; it came back "site not found". I have no idea if this is related, but it surely appears to be, based on the failed Malwarebytes update below.

3. I downloaded Malwarebytes via another computer and transferred it to the bad one. Got Malwarebytes to load. Tried running the update and it came back with error 732 (12007,0) Contact Malwarebytes support. The update version it downloaded was 3510.

4. I ran the scanner anyway, and it found the below.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/23/2010 8:11:45 PM
mbam-log-2010-03-23 (20-11-45).txt

Scan type: Quick Scan
Objects scanned: 118077
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

5. Ran it again, but it came back with nothing.

6. Opened up IE and the fake virus keeps coming back. HELP.

FYI: I followed the Malwarebytes admin steps above, and also turned wireless off at times (tried both ways) when running. But I was always connected to wireless when trying to update or try sites; I only turned it off when running the scanner (popups would come up during the scan) or rebooting.