dreamer

Posts posted by dreamer

  1. I am trying to help an employee get his PC uninfected.

    I could not download and run Malwarebytes from his computer.

    I was able to copy a setup file from my computer and move it to his, and it allowed me to load the software

    but NOT run an update. The first time I ran it, there were a lot of infections. Several Trojans.

    I deleted them all. Ran again but it does not show any infections. BUT MS Security will pop up an infected file screen every now and then. MB will still not allow me to update the version. And AVG errors too.

    Half the Malwarebytes forum will not work so I am having to post this on my computer.

    Can someone help me with next steps?

  2. ComboFix 10-05-08.03 - Administrator 05/09/2010 15:48:33.4.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1941 [GMT -4:00]

    Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe

    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    .

    ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))

    .

    2010-05-09 18:32 . 2010-05-09 18:43 -------- d-----w- C:\Combo-Fix18610C

    2010-05-09 17:12 . 2010-05-09 17:29 -------- d-----w- C:\Combo-Fix

    2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf

    2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe

    2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook

    2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

    2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

    2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-05-09 19:05 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData

    2010-04-28 13:32 . 2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

    2010-04-27 13:22 . 2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys

    2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

    2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR

    2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google

    2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

    2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp

    2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll

    2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll

    2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll

    2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll

    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll

    2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2010-02-15 20:47 . 2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp

    2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat

    2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll

    2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

    2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll

    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ---- Directory of c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf ----

    ((((((((((((((((((((((((((((( SnapShot@2010-05-09_17.25.18 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-05-09 19:45 . 2010-05-09 19:45 16384 c:\windows\Temp\Perflib_Perfdata_b88.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365]

    "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480]

    "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192]

    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]

    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]

    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]

    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440]

    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]

    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]

    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]

    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]

    2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]

    2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]

    2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

    "c:\\WINDOWS\\system32\\msiexec.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"=

    "c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496]

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352]

    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064]

    R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920]

    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864]

    R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104]

    S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program files\Google\Update\GoogleUpdate.exe [7/24/2009 7:18 PM 133104]

    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872]

    S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632]

    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192]

    S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968]

    S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HPService REG_MULTI_SZ HPSLPSVC

    .

    Contents of the 'Scheduled Tasks' folder

    2010-05-09 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-16 23:05]

    2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]

    2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: isqft.com

    Trusted Zone: isqft.com\www

    Trusted Zone: isqft.com\www

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-05-09 15:53

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2896)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\program files\windows journal\nbmaptip.dll

    c:\windows\IME\SPGRMR.DLL

    .

    Completion time: 2010-05-09 15:54:59

    ComboFix-quarantined-files.txt 2010-05-09 19:54

    ComboFix2.txt 2010-05-09 18:43

    ComboFix3.txt 2010-05-09 17:29

    Pre-Run: 13,815,136,256 bytes free

    Post-Run: 13,781,733,376 bytes free

    - - End Of File - - BF90E58C9F81881EC0D5E9D14E156A8A

    ===

    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.05.09 -

    AhnLab-V3 2010.05.09.00 2010.05.08 -

    AntiVir 8.2.1.236 2010.05.07 -

    Antiy-AVL 2.0.3.7 2010.05.07 -

    Authentium 5.2.0.5 2010.05.09 -

    Avast 4.8.1351.0 2010.05.09 -

    Avast5 5.0.332.0 2010.05.09 -

    AVG 9.0.0.787 2010.05.09 -

    BitDefender 7.2 2010.05.09 -

    CAT-QuickHeal 10.00 2010.05.08 -

    ClamAV 0.96.0.3-git 2010.05.09 -

    Comodo 4800 2010.05.09 -

    DrWeb 5.0.2.03300 2010.05.09 -

    eSafe 7.0.17.0 2010.05.09 -

    eTrust-Vet None 2010.05.07 -

    F-Prot 4.5.1.85 2010.05.09 -

    F-Secure 9.0.15370.0 2010.05.09 -

    Fortinet 4.1.133.0 2010.05.09 -

    GData 21 2010.05.09 -

    Ikarus T3.1.1.84.0 2010.05.09 -

    Jiangmin 13.0.900 2010.05.09 -

    Kaspersky 7.0.0.125 2010.05.09 -

    McAfee 5.400.0.1158 2010.05.09 -

    McAfee-GW-Edition 2010.1 2010.05.09 -

    Microsoft 1.5703 2010.05.09 -

    NOD32 5098 2010.05.09 -

    Norman 6.04.12 2010.05.09 -

    nProtect 2010-05-09.01 2010.05.09 -

    Panda 10.0.2.7 2010.05.09 -

    PCTools 7.0.3.5 2010.05.07 -

    Prevx 3.0 2010.05.09 -

    Rising 22.46.06.04 2010.05.09 -

    Sophos 4.53.0 2010.05.09 -

    Sunbelt 6282 2010.05.09 -

    Symantec 20091.2.0.41 2010.05.09 -

    TheHacker 6.5.2.0.277 2010.05.09 -

    TrendMicro 9.120.0.1004 2010.05.09 -

    TrendMicro-HouseCall 9.120.0.1004 2010.05.09 -

    VBA32 3.12.12.4 2010.05.06 -

    ViRobot 2010.5.8.2306 2010.05.08 -

    VirusBuster 5.0.27.0 2010.05.09 -

    Additional information

    File size: 207056 bytes

    MD5...: aabf83058030d6cc6c12d43418c33c86

    SHA1..: 645f4e23532136f28e4880149ea55e90770837f0

    SHA256: 7162605f36e71caabf4a1d765e2a193dd25546b9cf1157805e68c0e94f74db13

    ssdeep: 3072:YW/koiDeUJOFIXBKZ2rR9GxIoFzZxoFftz+YKXidb3e+yIHkADvUhRJpeRc:YW8oWJweBDR9GxIet6ZEYMidb3jjhUhZ

    PEiD..: -

    PEInfo: -

    RDS...: NSRL Reference Data Set

    -

    trid..: Adobe Portable Document Format (100.0%)

    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

    pdfid.: PDF Header: %PDF-1.3

    obj 36

    endobj 36

    stream 10

    endstream 9

    xref 1

    trailer 1

    startxref 1

    /Page 2

    /Encrypt 0

    /ObjStm 0

    /JS 0

    /JavaScript 0

    /AA 0

    /OpenAction 0

    /AcroForm 0

    /JBIG2Decode 0

    /RichMedia 0

    /Launch 0

    /Colors > 2^24 0

  3. ComboFix 10-05-08.03 - Administrator 05/09/2010 14:33:51.2.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1746 [GMT -4:00]

    Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe

    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    file zipped: d:\setupsnk.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    d:\setupsnk.exe

    .

    ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))

    .

    2010-05-09 17:12 . 2010-05-09 17:29 -------- d-----w- C:\Combo-Fix

    2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf

    2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe

    2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook

    2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

    2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

    2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-05-09 17:09 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData

    2010-04-28 13:32 . 2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

    2010-04-27 13:22 . 2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys

    2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

    2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR

    2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google

    2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

    2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp

    2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll

    2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll

    2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll

    2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll

    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll

    2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2010-02-15 20:47 . 2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp

    2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat

    2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll

    2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

    2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll

    .

    ((((((((((((((((((((((((((((( SnapShot@2010-05-09_17.25.18 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-05-09 18:38 . 2010-05-09 18:38 16384 c:\windows\Temp\Perflib_Perfdata_ba8.dat

    + 2010-05-09 18:38 . 2010-05-09 18:38 16384 c:\windows\Temp\Perflib_Perfdata_928.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365]

    "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480]

    "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192]

    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]

    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]

    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]

    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440]

    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]

    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]

    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]

    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]

    2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]

    2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]

    2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

    "c:\\WINDOWS\\system32\\msiexec.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"=

    "c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496]

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352]

    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064]

    R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920]

    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864]

    R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104]

    S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program files\Google\Update\GoogleUpdate.exe [7/24/2009 7:18 PM 133104]

    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872]

    S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632]

    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192]

    S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968]

    S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HPService REG_MULTI_SZ HPSLPSVC

    .

    Contents of the 'Scheduled Tasks' folder

    2010-05-09 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-16 23:05]

    2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]

    2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: isqft.com

    Trusted Zone: isqft.com\www

    Trusted Zone: isqft.com\www

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-05-09 14:40

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2688)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\program files\windows journal\nbmaptip.dll

    c:\windows\IME\SPGRMR.DLL

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\AVG\AVG9\avgchsvx.exe

    c:\program files\AVG\AVG9\avgrsx.exe

    c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

    c:\windows\System32\SCardSvr.exe

    c:\program files\AVG\AVG9\avgcsrvx.exe

    c:\windows\SYSTEM32\WISPTIS.EXE

    c:\windows\System32\tabbtnu.exe

    c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

    c:\windows\System32\digtizer.exe

    c:\windows\system32\igfxext.exe

    c:\windows\system32\igfxsrvc.exe

    c:\program files\AVG\AVG9\avgnsx.exe

    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\lotus\notes\ntmulti.exe

    c:\windows\system32\o2flash.exe

    c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe

    c:\windows\system32\wdfmgr.exe

    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\AGRSMMSG.exe

    c:\windows\system32\igfxsrvc.exe

    c:\program files\Fujitsu\Utils\FjDspMon.exe

    c:\program files\Fujitsu\Utils\fjevents.exe

    c:\windows\system32\igfxext.exe

    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

    .

    **************************************************************************

    .

    Completion time: 2010-05-09 14:43:33 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-05-09 18:43

    ComboFix2.txt 2010-05-09 17:29

    Pre-Run: 13,847,633,920 bytes free

    Post-Run: 13,813,817,344 bytes free

    - - End Of File - - E2330FB0497754AB7EE6F49CDC0A9E4D

  4. ROOTREPEAL © AD, 2007-2009

    ==================================================

    Scan Start Time: 2010/05/09 14:07

    Program Version: Version 1.3.5.0

    Windows Version: Windows XP Tablet PC Edition SP3

    ==================================================

    Drivers

    -------------------

    Name: catchme.sys

    Image Path: C:\Combo-Fix\catchme.sys

    Address: 0xBA458000 Size: 31744 File Visible: No Signed: -

    Status: -

    Name: Combo-Fix.sys

    Image Path: Combo-Fix.sys

    Address: 0xBA118000 Size: 60416 File Visible: No Signed: -

    Status: -

    Name: dump_iaStor.sys

    Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys

    Address: 0x98761000 Size: 876544 File Visible: No Signed: -

    Status: -

    Name: mbr.sys

    Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys

    Address: 0xBA430000 Size: 20864 File Visible: No Signed: -

    Status: -

    Name: PROCEXP113.SYS

    Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

    Address: 0xBA62C000 Size: 7872 File Visible: No Signed: -

    Status: -

    Name: rootrepeal.sys

    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

    Address: 0x97B36000 Size: 49152 File Visible: No Signed: -

    Status: -

    Hidden/Locked Files

    -------------------

    Path: C:\WINDOWS\Temp\HPSLPS001.log

    Status: Locked to the Windows API!

    Path: d:\setupsnk.exe

    Status: Size mismatch (API: 28672, Raw: 1049901663130775552)

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_restore{8152C0C8-324C-4987-80CA-A441BE6B69A5}

    Status: Visible to the Windows API, but not on disk.

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP243\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP244\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP246\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP249\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP255\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP263\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP264\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP266\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\change.log.2

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP271\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP278\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP283\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP289\RestorePointSize

    Status: Invisible to the Windows API!

    Path: \\?\D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\*

    Status: Could not enumerate files with the Windows API (0x00000003)!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106980.ini

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106994.ini

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\A0106996.INF

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\change.log

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\change.log.1

    Status: Invisible to the Windows API!

    Path: D:\System Volume Information\_r≮store{8152C0C8-324C-4987-80CA-A441BE6B69A5}\RP291\RestorePointSize

    Status: Invisible to the Windows API!

    ==EOF==

  5. ComboFix 10-05-08.02 - Administrator 05/09/2010 13:17:57.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1806 [GMT -4:00]

    Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\system32\AbaleZip.dll

    c:\windows\Tasks.\nfowedgj.job

    c:\windows\Temp\tmp3.tmp

    D:\Autorun.inf

    c:\windows\Tasks.\nfowedgj.job . . . . failed to delete

    .

    ((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))

    .

    2010-05-09 15:47 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-05-07 23:18 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\etyfivgrf

    2010-04-27 00:38 . 2010-04-27 00:38 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe

    2010-04-27 00:38 . 2010-04-27 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Facebook

    2010-04-20 17:30 . 2010-04-20 17:30 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

    2010-04-20 17:27 . 2010-04-20 17:27 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

    2010-04-10 00:53 . 2010-04-10 00:53 98920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-05-09 17:09 . 2009-12-14 02:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData

    2010-04-28 13:32 . 2009-07-15 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

    2010-04-27 13:22 . 2009-07-15 15:20 3164 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys

    2010-04-24 22:53 . 2010-04-06 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData

    2010-04-22 23:09 . 2009-12-09 04:56 0 ----a-w- c:\windows\system32\drivers\FUJITSU_AE5AJ3A323450000_WXPTPC.MKR

    2010-04-20 17:29 . 2010-02-11 00:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-04-14 18:50 . 2006-05-17 19:59 -------- d-----w- c:\program files\Google

    2010-04-14 07:07 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

    2010-03-18 14:55 . 2010-03-18 14:55 207056 ----a-w- c:\documents and settings\All Users\Application Data\tmp22E.tmp

    2010-03-16 18:48 . 2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-03-16 18:48 . 2010-02-11 00:33 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-03-16 18:47 . 2010-02-11 00:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-03-11 12:38 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll

    2010-03-11 12:38 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll

    2010-03-11 12:38 . 2006-05-17 11:54 17408 ------w- c:\windows\system32\corpol.dll

    2010-03-09 11:09 . 2006-05-17 11:55 430080 ----a-w- c:\windows\system32\vbscript.dll

    2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll

    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll

    2010-02-24 13:11 . 2006-05-17 11:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

    2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2010-02-15 20:47 . 2010-02-15 20:47 103449 ----a-w- c:\documents and settings\All Users\Application Data\tmp530.tmp

    2010-02-15 00:52 . 2010-02-14 23:58 156075 ----a-w- c:\windows\hpwins12.dat

    2010-02-12 04:33 . 2006-05-17 11:54 100864 ----a-w- c:\windows\system32\6to4svc.dll

    2010-02-11 12:02 . 2006-05-17 11:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

    2001-12-03 21:09 . 2009-09-18 21:02 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 88365]

    "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-31 20480]

    "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-19 303104]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-26 30192]

    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-16 122368]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]

    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]

    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]

    "LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440]

    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-28 73728]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]

    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]

    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]

    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2010-03-16 18:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]

    2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]

    2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]

    2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=

    "c:\\WINDOWS\\system32\\msiexec.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

    "c:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"=

    "c:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [5/17/2006 3:56 PM 10496]

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/21/2006 6:05 PM 36352]

    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/23/2005 10:48 AM 28544]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/10/2010 8:33 PM 216200]

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/10/2010 8:34 PM 242896]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 2:48 PM 308064]

    R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [5/17/2006 3:56 PM 17920]

    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/17/2006 3:39 PM 4864]

    R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [5/17/2006 3:39 PM 31104]

    S2 gupdate1ca0cb5d637f1e;Google Update Service (gupdate1ca0cb5d637f1e);c:\program files\Google\Update\GoogleUpdate.exe [7/24/2009 7:18 PM 133104]

    S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 8:20 PM 3872]

    S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [5/17/2006 3:39 PM 5632]

    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/15/2009 10:28 AM 30192]

    S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/17/2006 3:39 PM 35968]

    S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/17/2006 8:31 AM 14208]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HPService REG_MULTI_SZ HPSLPSVC

    .

    Contents of the 'Scheduled Tasks' folder

    2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]

    2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 23:18]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

    uInternet Settings,ProxyServer = http=127.0.0.1:5555

    uInternet Settings,ProxyOverride = <local>

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: isqft.com

    Trusted Zone: isqft.com\www

    Trusted Zone: isqft.com\www

    .

    - - - - ORPHANS REMOVED - - - -

    BHO-{41890007-d1c6-405e-be05-335a39c03e6f} - (no file)

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-05-09 13:26

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2572)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\program files\windows journal\nbmaptip.dll

    c:\windows\IME\SPGRMR.DLL

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\AVG\AVG9\avgchsvx.exe

    c:\program files\AVG\AVG9\avgrsx.exe

    c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

    c:\program files\AVG\AVG9\avgcsrvx.exe

    c:\windows\System32\SCardSvr.exe

    c:\windows\SYSTEM32\WISPTIS.EXE

    c:\windows\System32\tabbtnu.exe

    c:\windows\System32\digtizer.exe

    c:\windows\system32\igfxext.exe

    c:\windows\system32\igfxsrvc.exe

    c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\AVG\AVG9\avgnsx.exe

    c:\program files\lotus\notes\ntmulti.exe

    c:\windows\system32\o2flash.exe

    c:\windows\system32\wdfmgr.exe

    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\windows\system32\wscntfy.exe

    c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe

    c:\windows\AGRSMMSG.exe

    c:\program files\Fujitsu\Utils\FjDspMon.exe

    c:\program files\Fujitsu\Utils\fjevents.exe

    c:\windows\system32\igfxsrvc.exe

    c:\windows\system32\igfxext.exe

    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

    .

    **************************************************************************

    .

    Completion time: 2010-05-09 13:29:09 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-05-09 17:29

    Pre-Run: 13,062,860,800 bytes free

    Post-Run: 13,849,145,344 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 71A9A5D9F780D4C21E1AFF33C931BCD6

  6. FYI: when removing files, it said some could not be removed.

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4083

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 7.0.5730.13

    5/9/2010 12:23:37 PM

    mbam-log-2010-05-09 (12-23-37).txt

    Scan type: Quick scan

    Objects scanned: 140613

    Time elapsed: 18 minute(s), 35 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 4

    Registry Values Infected: 2

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdmjstiw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdmjstiw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Documents and Settings\Administrator\Local Settings\Application Data\etyfivgrf\kobmxyltssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.

  7. 1. Below is the log file from running Malwarebytes. I already had it loaded. The virus would not let me update mbam. The virus would not let me run the checker unless I re-booted and quickly started the program. If I waited for the re-boot to finish loading programs, it would say "program infected, would you like to load anti-virus software?".

    2. It let me run defogger.exe, but it never asked me to re-boot. I rebooted on my own. Ran this several times, same result.

    3. Dds.Scr would not let me run the program. It asked me what program should run this file type.

    4. Gmer program: it would run only if I could start it fast on reboot, as in number 1 above. When it ran, it either would re-boot on its own without finishing (I don't think it finished) or it would hang up and not move/scan a file for an hour or so.

    Looking forward to hearing from you on next step.

    Malwarebytes' Anti-Malware 1.44

    Database version: 3926

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 7.0.5730.13

    5/8/2010 6:52:02 PM

    mbam-log-2010-05-08 (18-52-02).txt

    Scan type: Full Scan (C:\|D:\|)

    Objects scanned: 207656

    Time elapsed: 56 minute(s), 0 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 2

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  8. Thank you.

    I already have it loaded. It won't let me do an update. When I reboot I can run Mbam only if I start the program real fast before, I am assuming, the virus starts running, because if I wait it will not pull up the mbam screen.

    Once up, though, it will run. I've run it several times and it finds something each time, with the name fraudpack or dropper.

    If I try to pull up the log it will pull it up real quick, then go away. It will not stay up long enough for me to save it somewhere else.

    I will try to find it in the file and copy it from there, and try to run some more of the programs in the list you gave. Last time, on my son's computer, I had to download stuff to run on another computer and move it over.

    Will try to continue with your list until I hear back from you.

  9. This is the OTL run. I didn't add the list of custom scans/fixes like you asked me to for the first run, since you didn't say to this time.

    Here are the results. Ok?

    OTL logfile created on: 3/29/2010 8:29:54 PM - Run 4

    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Lynn\Desktop

    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18882)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free

    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 147.58 Gb Total Space | 76.62 Gb Free Space | 51.92% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: LYNN-PC

    Current User Name: Lynn

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)

    PRC - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\FWES\program\fsdfwd.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

    PRC - C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)

    PRC - C:\ProgramData\WebEx\MyWebEx\319\raagtapp.exe ()

    PRC - C:\ProgramData\WebEx\MyWebEx\319\rapanel.exe ()

    PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

    PRC - C:\Windows\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

    PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)

    PRC - C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)

    PRC - C:\IDrive\IDriveEBackground.exe (Pro Softnet Corp.)

    PRC - C:\Program Files\MyWebEx\Mobile Access\PCNowMobileClient.exe (WebEx Communications)

    PRC - C:\IDrive\IDriveETray.exe (Pro Softnet Corp.)

    PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

    PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)

    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org)

    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)

    PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)

    PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)

    PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()

    PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

    PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()

    PRC - C:\Toshiba\IVP\ISM\pinger.exe ()

    PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

    PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

    ========== Modules (SafeList) ==========

    MOD - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)

    MOD - C:\Program Files\Charter High-Speed Security Suite\Spam Control\fsscoepl.dll (F-Secure Corporation)

    MOD - \\?\c:\program files\charter high-speed security suite\hips\fshook32.dll ()

    MOD - C:\Windows\IME\SPTIP.DLL (Microsoft Corporation)

    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

    ========== Win32 Services (SafeList) ==========

    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    SRV - (FSORSPClient) -- C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)

    SRV - (FSDFWD) -- C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe (F-Secure Corporation)

    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

    SRV - (atnthost) -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)

    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

    SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

    SRV - (FSMA) -- C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)

    SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

    SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

    SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)

    SRV - (IDriveE Service) -- C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)

    SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

    SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)

    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)

    SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)

    SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

    SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()

    SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()

    SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

    SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)

    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (F-Secure Gatekeeper) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys ()

    DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys ()

    DRV - (F-Secure HIPS) -- C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (F-Secure Corporation)

    DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)

    DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)

    DRV - (F-Secure Filter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsfilter.sys ()

    DRV - (F-Secure Recognizer) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsrec.sys ()

    DRV - (fsvista) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsvista.sys ()

    DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )

    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

    DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)

    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

    DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)

    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

    DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)

    DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)

    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

    DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)

    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

    DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)

    DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)

    DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)

    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

    DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

    DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

    DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)

    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

    ========== Standard Registry (All) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:02:24 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter High-Speed Security Suite\NRS\litmus-ff@f-secure.com [2010/01/12 11:11:07 | 000,000,000 | ---D | M]

    [2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions

    [2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

    O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation)

    O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)

    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

    O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

    O4 - HKLM..\Run: [NDSTray.exe] File not found

    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    O4 - HKCU..\Run: [iDriveE Startup] C:\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)

    O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O13 - gopher Prefix: missing

    O15 - HKCU\..Trusted Domains: classbsf.org ([www] https in Trusted sites)

    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

    O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://www.classbsf.org/Reserved.ReportVie...OpType=PrintCab (RSClientPrint 2005 Class)

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

    O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} https://www.idrive.com/idrivee/jsp/OzDesktopImporter.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://certaprosupport.webex.com/client/T2...rt/ieatgpc1.cab (GpcContainer Class)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.177.176.38 24.217.0.5

    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG

    O24 - Desktop BackupWallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG

    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell - "" = AutoRun

    O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell - "" = AutoRun

    O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

    O33 - MountPoints2\F\Shell - "" = AutoRun

    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/03/28 20:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

    [2010/03/28 13:51:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

    [2010/03/28 13:51:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2010/03/28 13:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2010/03/28 13:19:47 | 000,000,000 | ---D | C] -- C:\_OTL

    [2010/03/27 17:09:48 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe

    [2010/03/24 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Desktop\Bryan

    [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

    [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Yahoo!

    [2010/03/24 19:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

    [2010/03/24 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

    [2010/03/24 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Uniblue

    [2010/03/24 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\AVG8

    [2010/03/23 19:52:37 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Malwarebytes

    [2010/03/23 19:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2010/03/22 18:20:01 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Documents\Downloads

    [2010/03/21 04:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater

    [2010/03/11 10:38:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

    [2010/03/11 10:38:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

    [2010/03/02 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\IsolatedStorage

    [2010/03/01 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\V-Safe 100

    ========== Files - Modified Within 30 Days ==========

    [2010/03/29 20:31:40 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job

    [2010/03/29 20:29:04 | 003,407,872 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT

    [2010/03/29 20:24:08 | 000,000,350 | ---- | M] () -- C:\Users\Lynn\Desktop\Malwarebytes Forum - Malware Removal - HijackThis Logs.url

    [2010/03/29 19:51:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2010/03/29 19:42:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2010/03/29 19:42:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2010/03/29 18:07:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2010/03/29 17:46:22 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

    [2010/03/29 17:42:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

    [2010/03/29 17:42:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2010/03/29 17:42:27 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys

    [2010/03/29 16:21:14 | 000,524,288 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

    [2010/03/29 16:21:14 | 000,065,536 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

    [2010/03/29 16:20:47 | 003,107,173 | -H-- | M] () -- C:\Users\Lynn\AppData\Local\IconCache.db

    [2010/03/28 13:51:41 | 000,000,829 | ---- | M] () -- C:\Users\Lynn\Desktop\Malwarebytes' Anti-Malware.lnk

    [2010/03/27 20:41:01 | 000,717,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

    [2010/03/27 20:41:01 | 000,613,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2010/03/27 20:41:01 | 000,108,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2010/03/27 16:08:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe

    [2010/03/24 19:38:10 | 000,001,681 | ---- | M] () -- C:\Users\Lynn\Desktop\CCleaner.lnk

    [2010/03/23 19:11:22 | 000,002,627 | ---- | M] () -- C:\Users\Lynn\Desktop\Microsoft Office Word 2007.lnk

    [2010/03/22 13:56:59 | 040,312,832 | ---- | M] () -- C:\Users\Lynn\Desktop\CertaPro Painters Master Quickbooks (2007) (Backup Mar 22,2010 01 55 PM).QBB

    [2010/03/21 11:25:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2010/03/20 17:12:48 | 000,353,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    [2010/03/02 18:13:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

    [2010/03/02 15:46:40 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk

    ========== Files Created - No Company Name ==========

    [2010/03/29 09:22:01 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job

    [2010/03/29 09:16:27 | 000,000,350 | ---- | C] () -- C:\Users\Lynn\Desktop\Malwarebytes Forum - Malware Removal - HijackThis Logs.url

    [2010/03/28 13:51:41 | 000,000,829 | ---- | C] () -- C:\Users\Lynn\Desktop\Malwarebytes' Anti-Malware.lnk

    [2010/03/24 19:38:10 | 000,001,681 | ---- | C] () -- C:\Users\Lynn\Desktop\CCleaner.lnk

    [2010/03/22 13:56:11 | 040,312,832 | ---- | C] () -- C:\Users\Lynn\Desktop\CertaPro Painters Master Quickbooks (2007) (Backup Mar 22,2010 01 55 PM).QBB

    [2010/03/19 13:30:47 | 2011,217,920 | -HS- | C] () -- C:\hiberfil.sys

    [2010/03/02 18:13:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

    [2010/03/02 15:46:40 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk

    [2009/10/05 23:06:02 | 000,000,680 | ---- | C] () -- C:\Users\Lynn\AppData\Local\d3d9caps.dat

    [2009/09/18 17:15:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

    [2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

    [2009/02/27 09:19:22 | 000,006,778 | ---- | C] () -- C:\Users\Lynn\AppData\Roaming\PrimoPDFSet.xml

    [2009/02/27 09:16:47 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

    [2009/01/16 20:33:43 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

    [2009/01/14 13:25:40 | 000,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys

    [2008/12/24 10:50:24 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll

    [2008/07/15 16:24:25 | 000,009,216 | ---- | C] () -- C:\Users\Lynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2008/06/22 12:36:30 | 000,001,714 | ---- | C] () -- C:\Users\Lynn\AppData\Roaming\wklnhst.dat

    [2008/04/28 13:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini

    [2008/01/25 16:58:54 | 000,017,511 | ---- | C] () -- C:\ProgramData\hpzinstall.log

    [2008/01/25 13:05:59 | 000,000,092 | ---- | C] () -- C:\Users\Lynn\AppData\Local\fusioncache.dat

    [2007/08/22 16:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

    [2007/08/22 16:18:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

    [2007/08/22 16:18:54 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

    [2007/08/22 16:18:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

    [2007/08/22 16:18:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

    [2007/08/22 16:18:54 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

    [2007/08/22 16:18:54 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

    [2007/08/22 15:49:10 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

    [2007/08/22 15:49:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

    [2007/08/22 15:49:10 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

    [2007/08/22 15:49:10 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

    [2007/08/22 15:45:08 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    [2007/07/28 02:26:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

    [2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    [2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    [2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    < End of report >

  10. Here are the results. ==========

    I am assuming that all this stuff I've posted publicly is OK? Nothing anyone can use for further damage?

    I haven't tested much, but I am assuming that everything is OK and I am good to go?

    What is your process? You make me run some things, then you look at it and determine and build the fix?

    Do you have another program to use, or do you just look for bad files? Just curious about the process.

    What would have been my other options to fix this?

    Thank you, and I will donate for sure if you give me an idea about the process and answer the above. Just curious.

    Not trying to steal your secrets.

    Thank you again.

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6211

    # api_version=3.0.2

    # EOSSerial=0a35ffc7358ed04fbdf9687fabc7bc12

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2010-03-29 03:38:50

    # local_time=2010-03-28 11:38:50 (-0500, Eastern Daylight Time)

    # country="United States"

    # lang=9

    # osver=6.0.6002 NT Service Pack 2

    # compatibility_mode=2304 16777215 100 0 0 0 0 0

    # compatibility_mode=5892 16776573 100 100 0 106431209 0 0

    # compatibility_mode=8192 67108863 100 0 0 0 0 0

    # scanned=190488

    # found=0

    # cleaned=0

    # scan_time=10249

    =====================

    Malwarebytes' Anti-Malware 1.44

    Database version: 3924

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 8.0.6001.18882

    3/28/2010 6:39:36 PM

    mbam-log-2010-03-28 (18-39-36).txt

    Scan type: Full Scan (C:\|D:\|)

    Objects scanned: 314722

    Time elapsed: 1 hour(s), 42 minute(s), 5 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 1

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 7

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\_OTL\MovedFiles\03282010_163302\C_Users\Lynn\AppData\Local\rdr_1269296129.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

    C:\_OTL\MovedFiles\03282010_163302\C_Users\Lynn\AppData\Local\rdr_1269312931.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

    C:\_OTL\MovedFiles\03282010_163302\C_Users\Lynn\AppData\Local\rdr_1269367689.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

    C:\_OTL\MovedFiles\03282010_163302\C_Windows\bill104.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

    C:\_OTL\MovedFiles\03282010_163302\C_Windows\System32\erokosvc.dll (Worm.KoobFace) -> Quarantined and deleted successfully.

    C:\_OTL\MovedFiles\03282010_163302\C_Windows\System32\drivers\imapioko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.

    C:\Windows\System32\erokosvc.dll (Worm.KoobFace) -> Quarantined and deleted successfully.

    ===========================

    Sorry, copy and paste error on my end.

    Try the following, then it will work.

    Run OTL

    Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL

    SRV - (cpqoko6) -- C:\Windows\System32\erokosvc.dll (Gteko Ltd.)

    DRV - (apto6ko) -- C:\Windows\System32\drivers\imapioko.sys (Adobe Systems)

    [2010/03/23 14:08:38 | 000,223,744 | ---- | C] (Sun Microsystems) -- C:\Users\Lynn\AppData\Local\rdr_1269367689.exe

    [2010/03/22 22:55:51 | 000,226,304 | ---- | C] (Iomega Corporation) -- C:\Users\Lynn\AppData\Local\rdr_1269312931.exe

    [2010/03/22 18:15:56 | 000,223,744 | ---- | C] (Philips) -- C:\Users\Lynn\AppData\Local\rdr_1269296129.exe

    [2010/03/19 08:19:19 | 000,224,768 | ---- | C] (Lexmark) -- C:\Users\Lynn\AppData\Local\rdr_1269001124.exe

    [2010/03/19 13:41:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\

  11. Something didn't work. I could not update MBAM; it would not let me, as before. Error code 732 (12007,0).

    - Below is the result of the OTL fix. One thing I noticed: the things you asked me to copy into the scan box had someone else's info in them, i.e. C:\Documents and Settings\Dona Roell\Application Data. This should be ...\Lynn\...?

    - Uninstalled Malwarebytes and reinstalled it after it wouldn't work, just in case. Same error as above.

    - Reran OTL again in case you needed that. Results below.

    Ran it twice, but it never created the extra.txt file?

    HELP

    All processes killed

    ========== OTL ==========

    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.

    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\bisomasu.dll deleted successfully.

    File c:\windows\system32\bisomasu.dll not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRIxuTN\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xmjtnzpc\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57023d58-d5be-11dd-9a0a-0050ba548a7c}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57023d58-d5be-11dd-9a0a-0050ba548a7c}\ not found.

    File D:\USBAutoRun.exe not found.

    File C:\WINDOWS\System32\sajuyaya.dll not found.

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Flash cache emptied: 41 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    ->Flash cache emptied: 0 bytes

    User: Lynn

    ->Temp folder emptied: 2409388 bytes

    ->Temporary Internet Files folder emptied: 26666486 bytes

    ->Java cache emptied: 66402731 bytes

    ->Flash cache emptied: 1895120 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 1779617 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 95.00 mb

    OTL by OldTimer - Version 3.1.37.3 log created on 03282010_131947

    Files\Folders moved on Reboot...

    File move failed. C:\Windows\temp\WebEx\Log\328\atashost.log scheduled to be moved on reboot.

    File move failed. C:\Windows\temp\WebEx\Log\328\atnthost.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    =================== Rerun of OTL just in case you need it ==================

    OTL logfile created on: 3/28/2010 1:59:40 PM - Run 2

    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Lynn\Desktop

    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18882)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 147.58 Gb Total Space | 76.94 Gb Free Space | 52.13% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    Drive E: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    F: Drive not present or media not loaded

    Drive G: | 3.81 Gb Total Space | 3.36 Gb Free Space | 88.38% Space Free | Partition Type: FAT32

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: LYNN-PC

    Current User Name: Lynn

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)

    PRC - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\FWES\program\fsdfwd.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

    PRC - C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)

    PRC - C:\ProgramData\WebEx\MyWebEx\319\raagtapp.exe ()

    PRC - C:\ProgramData\WebEx\MyWebEx\319\rapanel.exe ()

    PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

    PRC - C:\Windows\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

    PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)

    PRC - C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)

    PRC - C:\IDrive\IDriveEBackground.exe (Pro Softnet Corp.)

    PRC - C:\Program Files\MyWebEx\Mobile Access\PCNowMobileClient.exe (WebEx Communications)

    PRC - C:\IDrive\IDriveETray.exe (Pro Softnet Corp.)

    PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

    PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)

    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org)

    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)

    PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)

    PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)

    PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()

    PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

    PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

    PRC - C:\Users\Lynn\AppData\Roaming\U3\0000184AA474C9C6\LaunchPad.exe ()

    PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()

    PRC - C:\Toshiba\IVP\ISM\pinger.exe ()

    PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

    PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

    ========== Modules (SafeList) ==========

    MOD - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)

    MOD - C:\Program Files\Charter High-Speed Security Suite\Spam Control\fsscoepl.dll (F-Secure Corporation)

    MOD - \\?\c:\program files\charter high-speed security suite\hips\fshook32.dll ()

    MOD - C:\Windows\IME\SPTIP.DLL (Microsoft Corporation)

    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

    ========== Win32 Services (SafeList) ==========

    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    SRV - (FSORSPClient) -- C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)

    SRV - (FSDFWD) -- C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe (F-Secure Corporation)

    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

    SRV - (atnthost) -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)

    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

    SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

    SRV - (FSMA) -- C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)

    SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

    SRV - (cpqoko6) -- C:\Windows\System32\erokosvc.dll (Gteko Ltd.)

    SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

    SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)

    SRV - (IDriveE Service) -- C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)

    SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

    SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)

    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)

    SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)

    SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

    SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()

    SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()

    SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

    SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)

    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys ()

    DRV - (F-Secure Gatekeeper) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys ()

    DRV - (F-Secure HIPS) -- C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (F-Secure Corporation)

    DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)

    DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)

    DRV - (F-Secure Filter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsfilter.sys ()

    DRV - (F-Secure Recognizer) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsrec.sys ()

    DRV - (fsvista) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsvista.sys ()

    DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )

    DRV - (apto6ko) -- C:\Windows\System32\drivers\imapioko.sys (Adobe Systems)

    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

    DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)

    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

    DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)

    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

    DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)

    DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)

    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

    DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)

    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

    DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)

    DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)

    DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)

    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

    DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

    DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

    DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)

    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

    ========== Standard Registry (All) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:02:24 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter High-Speed Security Suite\NRS\litmus-ff@f-secure.com [2010/01/12 11:11:07 | 000,000,000 | ---D | M]

    [2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions

    [2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

    O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation)

    O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)

    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

    O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

    O4 - HKLM..\Run: [NDSTray.exe] File not found

    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    O4 - HKCU..\Run: [iDriveE Startup] C:\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)

    O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O13 - gopher Prefix: missing

    O15 - HKCU\..Trusted Domains: classbsf.org ([www] https in Trusted sites)

    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

    O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://www.classbsf.org/Reserved.ReportVie...OpType=PrintCab (RSClientPrint 2005 Class)

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

    O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} https://www.idrive.com/idrivee/jsp/OzDesktopImporter.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://certaprosupport.webex.com/client/T2...rt/ieatgpc1.cab (GpcContainer Class)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.177.176.38 24.217.0.5

    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG

    O24 - Desktop BackupWallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG

    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O32 - AutoRun File - [2007/02/12 15:53:42 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

    O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell - "" = AutoRun

    O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell - "" = AutoRun

    O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/02/12 21:33:37 | 001,110,016 | R--- | M] ()

    O33 - MountPoints2\F\Shell - "" = AutoRun

    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found

    NetSvcs: Ias - C:\Windows\System32\ias [2008/12/23 18:36:42 | 000,000,000 | ---D | M]

    NetSvcs: Nla - File not found

    NetSvcs: Ntmssvc - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: SRService - File not found

    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

    NetSvcs: WmdmPmSp - File not found

    NetSvcs: LogonHours - File not found

    NetSvcs: PCAudit - File not found

    NetSvcs: helpsvc - File not found

    NetSvcs: uploadmgr - File not found

    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/03/28 13:51:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

    [2010/03/28 13:51:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2010/03/28 13:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2010/03/28 13:19:47 | 000,000,000 | ---D | C] -- C:\_OTL

    [2010/03/27 17:09:48 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe

    [2010/03/24 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Desktop\Bryan

    [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

    [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Yahoo!

    [2010/03/24 19:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

    [2010/03/24 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

    [2010/03/24 19:37:38 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Users\Lynn\Desktop\ccsetup228.exe

    [2010/03/24 19:36:43 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lynn\Desktop\mbam-setup.exe

    [2010/03/24 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Uniblue

    [2010/03/24 19:08:52 | 004,023,064 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\Lynn\Desktop\registrybooster.exe

    [2010/03/24 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\AVG8

    [2010/03/24 19:00:48 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Lynn\Desktop\avg_free_stb_all_9_40_cnet.exe

    [2010/03/23 19:52:37 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Malwarebytes

    [2010/03/23 19:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2010/03/23 14:08:38 | 000,223,744 | ---- | C] (Sun Microsystems) -- C:\Users\Lynn\AppData\Local\rdr_1269367689.exe

    [2010/03/22 22:55:51 | 000,226,304 | ---- | C] (Iomega Corporation) -- C:\Users\Lynn\AppData\Local\rdr_1269312931.exe

    [2010/03/22 18:20:01 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Documents\Downloads

    [2010/03/22 18:15:56 | 000,223,744 | ---- | C] (Philips) -- C:\Users\Lynn\AppData\Local\rdr_1269296129.exe

    [2010/03/21 04:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater

    [2010/03/19 08:19:19 | 000,224,768 | ---- | C] (Lexmark) -- C:\Users\Lynn\AppData\Local\rdr_1269001124.exe

    [2010/03/11 10:38:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

    [2010/03/11 10:38:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

    [2010/03/02 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\IsolatedStorage

    [2010/03/01 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\V-Safe 100

    ========== Files - Modified Within 30 Days ==========

    [2010/03/28 13:59:21 | 003,407,872 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT

    [2010/03/28 13:51:41 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

    [2010/03/28 13:51:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2010/03/28 13:42:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2010/03/28 13:42:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2010/03/28 13:27:25 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

    [2010/03/28 13:23:51 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2010/03/28 13:23:50 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2010/03/28 13:23:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

    [2010/03/28 13:23:36 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys

    [2010/03/28 13:21:32 | 000,524,288 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

    [2010/03/28 13:21:32 | 000,065,536 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

    [2010/03/27 22:44:41 | 004,012,591 | -H-- | M] () -- C:\Users\Lynn\AppData\Local\IconCache.db

    [2010/03/27 20:41:01 | 000,717,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

    [2010/03/27 20:41:01 | 000,613,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2010/03/27 20:41:01 | 000,108,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2010/03/27 17:12:09 | 000,293,376 | ---- | M] () -- C:\Users\Lynn\Desktop\lb0nj5fj.exe

    [2010/03/27 16:08:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe

    [2010/03/25 20:52:29 | 331,450,006 | ---- | M] () -- C:\Users\Lynn\Desktop\resedit backup.reg

    [2010/03/24 19:38:10 | 000,001,681 | ---- | M] () -- C:\Users\Lynn\Desktop\CCleaner.lnk

    [2010/03/24 19:35:49 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Users\Lynn\Desktop\ccsetup228.exe

    [2010/03/23 19:47:40 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lynn\Desktop\mbam-setup.exe

    [2010/03/23 19:13:51 | 000,393,911 | ---- | M] () -- C:\Users\Lynn\Desktop\Doc1after1deleteI think.docx

    [2010/03/23 19:11:22 | 000,002,627 | ---- | M] () -- C:\Users\Lynn\Desktop\Microsoft Office Word 2007.lnk

    [2010/03/23 14:08:38 | 000,223,744 | ---- | M] (Sun Microsystems) -- C:\Users\Lynn\AppData\Local\rdr_1269367689.exe

    [2010/03/23 14:08:09 | 000,000,001 | ---- | M] () -- C:\Windows\ligh

    [2010/03/23 13:47:08 | 000,329,645 | ---- | M] () -- C:\Users\Lynn\Desktop\Doc1.docx

    [2010/03/22 22:55:51 | 000,226,304 | ---- | M] (Iomega Corporation) -- C:\Users\Lynn\AppData\Local\rdr_1269312931.exe

    [2010/03/22 18:16:17 | 000,223,744 | ---- | M] (Philips) -- C:\Users\Lynn\AppData\Local\rdr_1269296129.exe

    [2010/03/22 13:56:59 | 040,312,832 | ---- | M] () -- C:\Users\Lynn\Desktop\CertaPro Painters Master Quickbooks (2007) (Backup Mar 22,2010 01 55 PM).QBB

    [2010/03/21 11:25:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2010/03/20 17:12:48 | 000,353,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    [2010/03/19 13:41:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\

  12. Thank you for your help. :) I am getting behind on my work :)

    FYI. I had to move the pgms and log files back and forth from another computer because the infected one won't let me get to this website.

    =========================

    OTL logfile created on: 3/27/2010 8:42:07 PM - Run 1

    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Lynn\Desktop

    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18882)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free

    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 147.58 Gb Total Space | 76.94 Gb Free Space | 52.13% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    Drive E: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    F: Drive not present or media not loaded

    Drive G: | 3.81 Gb Total Space | 3.36 Gb Free Space | 88.38% Space Free | Partition Type: FAT32

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: LYNN-PC

    Current User Name: Lynn

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)

    PRC - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\FWES\program\fsdfwd.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32.exe (F-Secure Corporation)

    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

    PRC - C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)

    PRC - C:\ProgramData\WebEx\MyWebEx\319\raagtapp.exe ()

    PRC - C:\ProgramData\WebEx\MyWebEx\319\rapanel.exe ()

    PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE (F-Secure Corporation)

    PRC - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

    PRC - C:\Windows\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

    PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)

    PRC - C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)

    PRC - C:\IDrive\IDriveEBackground.exe (Pro Softnet Corp.)

    PRC - C:\Program Files\MyWebEx\Mobile Access\PCNowMobileClient.exe (WebEx Communications)

    PRC - C:\IDrive\IDriveETray.exe (Pro Softnet Corp.)

    PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

    PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)

    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org)

    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)

    PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)

    PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)

    PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)

    PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()

    PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

    PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

    PRC - C:\Users\Lynn\AppData\Roaming\U3\0000184AA474C9C6\LaunchPad.exe ()

    PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()

    PRC - C:\Toshiba\IVP\ISM\pinger.exe ()

    PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

    PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

    ========== Modules (SafeList) ==========

    MOD - C:\Users\Lynn\Desktop\OTL.exe (OldTimer Tools)

    MOD - C:\Program Files\Charter High-Speed Security Suite\Spam Control\fsscoepl.dll (F-Secure Corporation)

    MOD - \\?\c:\program files\charter high-speed security suite\hips\fshook32.dll ()

    MOD - C:\Windows\IME\SPTIP.DLL (Microsoft Corporation)

    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

    ========== Win32 Services (SafeList) ==========

    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

    SRV - (FSORSPClient) -- C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe (F-Secure Corporation)

    SRV - (FSDFWD) -- C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe (F-Secure Corporation)

    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

    SRV - (atnthost) -- C:\ProgramData\WebEx\MyWebEx\319\atnthost.exe (WebEx Communications, Inc.)

    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

    SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

    SRV - (FSMA) -- C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE (F-Secure Corporation)

    SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

    SRV - (cpqoko6) -- C:\Windows\System32\erokosvc.dll (Gteko Ltd.)

    SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

    SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)

    SRV - (IDriveE Service) -- C:\IDrive\IDriveE Service.exe (Pro Softnet Corporation)

    SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

    SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)

    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)

    SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)

    SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

    SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()

    SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()

    SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

    SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)

    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

    SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys ()

    DRV - (F-Secure Gatekeeper) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys ()

    DRV - (F-Secure HIPS) -- C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys (F-Secure Corporation)

    DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)

    DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)

    DRV - (F-Secure Filter) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsfilter.sys ()

    DRV - (F-Secure Recognizer) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\win2k\fsrec.sys ()

    DRV - (fsvista) -- C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsvista.sys ()

    DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )

    DRV - (apto6ko) -- C:\Windows\System32\drivers\imapioko.sys (Adobe Systems)

    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

    DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)

    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

    DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)

    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

    DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)

    DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)

    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

    DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)

    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

    DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)

    DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)

    DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)

    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

    DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

    DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

    DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)

    DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

    ========== Standard Registry (All) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:02:24 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter High-Speed Security Suite\NRS\litmus-ff@f-secure.com [2010/01/12 11:11:07 | 000,000,000 | ---D | M]

    [2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions

    [2009/12/31 17:54:02 | 000,000,000 | ---D | M] -- C:\Users\Lynn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: ::1 localhost

    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

    O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE (F-Secure Corporation)

    O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe (F-Secure Corporation)

    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

    O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)

    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

    O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

    O4 - HKLM..\Run: [NDSTray.exe] File not found

    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    O4 - HKCU..\Run: [iDriveE Startup] C:\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)

    O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    O4 - Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Charter High-Speed Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

    O13 - gopher Prefix: missing

    O15 - HKCU\..Trusted Domains: classbsf.org ([www] https in Trusted sites)

    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

    O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} https://www.classbsf.org/Reserved.ReportVie...OpType=PrintCab (RSClientPrint 2005 Class)

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

    O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

    O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} https://www.idrive.com/idrivee/jsp/OzDesktopImporter.cab (Reg Error: Key error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://certaprosupport.webex.com/client/T2...rt/ieatgpc1.cab (GpcContainer Class)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 24.177.176.38 24.217.0.5

    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG

    O24 - Desktop BackupWallPaper: C:\Users\Lynn\Documents\Geoff\100_0254.JPG

    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O32 - AutoRun File - [2007/02/12 15:53:42 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

    O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell - "" = AutoRun

    O33 - MountPoints2\{58761e0d-26a2-11de-b350-00a0d191a807}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell - "" = AutoRun

    O33 - MountPoints2\{5a70e3f8-bec9-11dc-b8fc-00a0d191a807}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/02/12 21:33:37 | 001,110,016 | R--- | M] ()

    O33 - MountPoints2\F\Shell - "" = AutoRun

    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found

    NetSvcs: Ias - C:\Windows\System32\ias [2008/12/23 18:36:42 | 000,000,000 | ---D | M]

    NetSvcs: Nla - File not found

    NetSvcs: Ntmssvc - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: SRService - File not found

    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

    NetSvcs: WmdmPmSp - File not found

    NetSvcs: LogonHours - File not found

    NetSvcs: PCAudit - File not found

    NetSvcs: helpsvc - File not found

    NetSvcs: uploadmgr - File not found

    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/03/27 17:09:48 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe

    [2010/03/25 19:30:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

    [2010/03/25 19:30:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    [2010/03/24 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Desktop\Bryan

    [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

    [2010/03/24 19:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Yahoo!

    [2010/03/24 19:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

    [2010/03/24 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

    [2010/03/24 19:37:38 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Users\Lynn\Desktop\ccsetup228.exe

    [2010/03/24 19:36:43 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lynn\Desktop\mbam-setup.exe

    [2010/03/24 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Uniblue

    [2010/03/24 19:08:52 | 004,023,064 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\Lynn\Desktop\registrybooster.exe

    [2010/03/24 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\AVG8

    [2010/03/24 19:00:48 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Lynn\Desktop\avg_free_stb_all_9_40_cnet.exe

    [2010/03/23 19:52:37 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Roaming\Malwarebytes

    [2010/03/23 19:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2010/03/23 19:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2010/03/23 14:08:38 | 000,223,744 | ---- | C] (Sun Microsystems) -- C:\Users\Lynn\AppData\Local\rdr_1269367689.exe

    [2010/03/22 22:55:51 | 000,226,304 | ---- | C] (Iomega Corporation) -- C:\Users\Lynn\AppData\Local\rdr_1269312931.exe

    [2010/03/22 18:20:01 | 000,000,000 | ---D | C] -- C:\Users\Lynn\Documents\Downloads

    [2010/03/22 18:15:56 | 000,223,744 | ---- | C] (Philips) -- C:\Users\Lynn\AppData\Local\rdr_1269296129.exe

    [2010/03/21 04:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater

    [2010/03/19 08:19:19 | 000,224,768 | ---- | C] (Lexmark) -- C:\Users\Lynn\AppData\Local\rdr_1269001124.exe

    [2010/03/11 10:38:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

    [2010/03/11 10:38:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

    [2010/03/02 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\IsolatedStorage

    [2010/03/01 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Lynn\AppData\Local\V-Safe 100

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/03/27 20:41:14 | 003,407,872 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT

    [2010/03/27 20:41:01 | 000,717,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

    [2010/03/27 20:41:01 | 000,613,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2010/03/27 20:41:01 | 000,108,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2010/03/27 20:36:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2010/03/27 20:36:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2010/03/27 19:51:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2010/03/27 18:45:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

    [2010/03/27 17:12:09 | 000,293,376 | ---- | M] () -- C:\Users\Lynn\Desktop\lb0nj5fj.exe

    [2010/03/27 16:10:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2010/03/27 16:10:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2010/03/27 16:08:03 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lynn\Desktop\OTL.exe

    [2010/03/27 14:36:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

    [2010/03/27 14:36:12 | 2009,133,056 | -HS- | M] () -- C:\hiberfil.sys

    [2010/03/25 20:52:29 | 331,450,006 | ---- | M] () -- C:\Users\Lynn\Desktop\resedit backup.reg

    [2010/03/25 19:30:29 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

    [2010/03/25 14:56:19 | 000,524,288 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

    [2010/03/25 14:56:19 | 000,065,536 | -HS- | M] () -- C:\Users\Lynn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

    [2010/03/25 14:55:44 | 004,007,481 | -H-- | M] () -- C:\Users\Lynn\AppData\Local\IconCache.db

    [2010/03/24 19:38:10 | 000,001,681 | ---- | M] () -- C:\Users\Lynn\Desktop\CCleaner.lnk

    [2010/03/24 19:35:49 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Users\Lynn\Desktop\ccsetup228.exe

    [2010/03/23 19:47:40 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lynn\Desktop\mbam-setup.exe

    [2010/03/23 19:13:51 | 000,393,911 | ---- | M] () -- C:\Users\Lynn\Desktop\Doc1after1deleteI think.docx

    [2010/03/23 19:11:22 | 000,002,627 | ---- | M] () -- C:\Users\Lynn\Desktop\Microsoft Office Word 2007.lnk

    [2010/03/23 14:08:38 | 000,223,744 | ---- | M] (Sun Microsystems) -- C:\Users\Lynn\AppData\Local\rdr_1269367689.exe

    [2010/03/23 14:08:09 | 000,000,001 | ---- | M] () -- C:\Windows\ligh

    [2010/03/23 13:47:08 | 000,329,645 | ---- | M] () -- C:\Users\Lynn\Desktop\Doc1.docx

    [2010/03/22 22:55:51 | 000,226,304 | ---- | M] (Iomega Corporation) -- C:\Users\Lynn\AppData\Local\rdr_1269312931.exe

    [2010/03/22 18:16:17 | 000,223,744 | ---- | M] (Philips) -- C:\Users\Lynn\AppData\Local\rdr_1269296129.exe

    [2010/03/22 13:56:59 | 040,312,832 | ---- | M] () -- C:\Users\Lynn\Desktop\CertaPro Painters Master Quickbooks (2007) (Backup Mar 22,2010 01 55 PM).QBB

    [2010/03/21 11:25:41 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2010/03/20 17:12:48 | 000,353,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    [2010/03/19 13:41:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\

  13. I posted the below in another forum and was told to do the tasks in the main topic "........wtopic=9573."

    Then come here and make a post.

    I saw another topic that said to run another set of programs (OTL). This topic: http://forums.malwarebytes.org/index.php?s...locking+website.

    So I am confused about what I should do next. The main topic 9573 seems to be the starting point. It won't let me update MBAM. So should I finish the main topic 9573 link tasks, including "defogger, etc.", or try the OTL topic?

    Plus it seems that different steps may be needed after I run and post results.

    Can someone push me in the right way to get started?

    Thanks

    ===

    My original post

    1. I found the trojan.fakeav.kue via Charter's virus checker. It removed it, but it keeps coming back. Symptoms are fake virus checkers that keep popping up and running.

    Files found were: Trojan.fakeav.kue.

    Other times it found: Trojan.generic.354066. After I removed the kue file and ran the checker again, it would find the generic.354066 file.

    2. It got to where I could not go to the malwarebytes.org site from IE. I loaded Chrome and got the same thing (other sites worked: weather, eBay, etc.). The AVG site did not work either; it came back with "site not found". I have no idea if this is related, but it surely appears to be, based on the Malware failed update below.

    3. I downloaded Malwarebytes via another computer and transferred it to the bad one. Got Malware to load. Tried running the update and it came back with error 732 (12007,0), "Contact Malware support".

    The update version it downloaded was 3510.

    4. I ran the scanner anyway, and it found the below.

    Malwarebytes' Anti-Malware 1.44

    Database version: 3510

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 8.0.6001.18882

    3/23/2010 8:11:45 PM

    mbam-log-2010-03-23 (20-11-45).txt

    Scan type: Quick Scan

    Objects scanned: 118077

    Time elapsed: 11 minute(s), 56 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 2

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

    C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

    5. Ran it again but it came back with nothing.

    6. Opened up IE and the fake virus keeps coming back.

    HELP. FYI, I followed the Malwarebytes admin steps above, and also turned wireless off at times (tried both ways) when running. But I was always connected to wireless when trying to update or try sites; I only turned it off when running the scanner (popups would come up during the scan) or rebooting.
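A small triage helper for logs like the one above, added here as an example (it is not from the post or from Malwarebytes): it parses the MBAM 1.44 log layout, cross-checks the summary counts against the items actually listed, and flags detections under a Run key, since Run-key entries relaunch at logon and are the usual reason a threat "keeps coming back" after only its dropped files are removed. The sample log is the one quoted in the post, trimmed to the sections used.

```python
import re

# Constructed sample: the Malwarebytes' Anti-Malware 1.44 quick-scan log quoted
# in the post above, trimmed and embedded so the example runs offline.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3510

Memory Processes Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (counts, detections): summary counts per section and a list of
    (section, target, threat, action) tuples from the detail block."""
    counts, detections, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := COUNT_RE.match(line)):          # summary block, e.g. "Files Infected: 2"
            counts[m["section"]] = int(m["n"])
        elif line.endswith(" Infected:"):         # detail block heading
            section = line[:-1]
        elif section and (m := ITEM_RE.match(line)):
            detections.append((section, m["target"], m["threat"], m["action"]))
    return counts, detections

def count_mismatches(counts, detections):
    """Sections whose claimed count differs from the items listed; {} means the
    summary and detail blocks agree (a truncated paste shows up here)."""
    seen = {}
    for section, *_ in detections:
        seen[section] = seen.get(section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in counts.items() if n != seen.get(s, 0)}

def autorun_items(detections):
    """Detections under HKLM/HKCU ...\\CurrentVersion\\Run: logon persistence."""
    return [d for d in detections if "\\CurrentVersion\\Run\\" in d[1]]
```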
