Jump to content

Recommended Posts

I have been infected with gaopdx and cannot get it out of my computer. It says it's gone until I have to restart my computer... and then it comes right back and shows up again. Any help would be much appreciated as I'd rather not have to wipe the computer. Here are the log files:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:03:03 AM, on 4/10/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\winlogon.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\TOSHIBA\IVP\ISM\pinger.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Curse\CurseClient.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\Toshiba Registration\Registration.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WLANExt.exe

C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\me.exe" /runcleanupscript

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [155732904] C:\Program Files\Toshiba Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--

End of file - 10698 bytes

Malwarebytes' Anti-Malware 1.36

Database version: 1945

Windows 6.0.6001 Service Pack 1

4/9/2009 10:35:21 PM

mbam-log-2009-04-09 (22-35-21).txt

Scan type: Quick Scan

Objects scanned: 61603

Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\RECYCLER\S-6-1-46-100017683-100031070-100013757-3295.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for member scottydogg99 only. If you are a lurker, do NOT try this on your system!

If you are not scottydogg99 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

:arrow: Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Since this is on Vista, in most all the tools I will have you use, you will need to First, do a RIGHT-Click on the program shortcut, link, or the executable .... and then select RUN As Administrator

Please always remember that !!

=

Please do the following.

Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • RIGHT-click on avenger.exe and select Run as Administrator to start The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Files to delete:C:\RECYCLER\S-6-1-46-100017683-100031070-100013757-3295.com
    Folders to delete:C:\RecyclerD:\RecyclerE:\RecyclerF:\RecyclerG:\RecyclerH:\RecyclerI:\RecyclerC:\ResycledD:\ResycledE:\ResycledF:\ResycledG:\ResycledH:\ResycledI:\Resycled


  • In the avenger window, click the Paste Script from Clipboard icon, pastets4.png button.
  • :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Get, save, and then run this tool from F-Secure

Save the ZIP file to your Desktop, and unzip the contents.

Make sure if you have any open work, to save your work, and close all your open windows.

In the process of running this tool, restarts may be required.

Run the exe.

Advise me of what results are given by the tool.

Download KKiller_v3.4.1.zip and extract the contents of zip-file to a new (unique) folder on the infected PC.

Run KKiller.exe.

When the scan is finished, a command line window may still be open; simply press any key to close it.

If you are running KKiller.exe on a computer which has Agnitum Outpost Firewall installed, you should reboot the computer once the KKiller utility has finished running.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • RIGHT- lick on Combo-Fix.exe and select Run as Administrator & follow the prompts.
    Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.
    IF and only IF you should see a message like this:
    Rookit_found.gif
    then, be sure to write down fully and also copy that into your next reply here and then await for my response.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    -------------------------------------------------------
    A caution - Do not run Combofix more than once.
    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
    The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
    If this occurs, please reboot to restore the desktop.
    Even when ComboFix appears to be doing nothing, look at your Drive light.
    If it is flashing, Combofix is still at work.
    =
    RE-Enable your AntiVirus and AntiSpyware applications.
    Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or http://download.bleepingcomputer.com/sUBs/dds.scr or
    http://www.forospyware.com/sUBs/dds
    Disable any script blocker if your antivirus/antimalware has it.
    Then double click dds.scr to run the tool.
    When done, DDS.txt will open.
    Click Yes at the next prompt for Optional Scan.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt

      [*]Save both reports to your desktop.

    Please include copies of contents of the following logs in your next reply:

    C:\Avenger.txt

    C:\Combofix.txt

    DDS.txt

    Attach.txt

    Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You'll likely have to do more than 1 reply.

Link to post
Share on other sites

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: could not open file "C:\RECYCLER\S-6-1-46-100017683-100031070-100013757-3295.com"

Deletion of file "C:\RECYCLER\S-6-1-46-100017683-100031070-100013757-3295.com" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: folder "C:\Recycler" not found!

Deletion of folder "C:\Recycler" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not open folder "D:\Recycler"

Deletion of folder "D:\Recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "E:\Recycler"

Deletion of folder "E:\Recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "F:\Recycler"

Deletion of folder "F:\Recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "G:\Recycler"

Deletion of folder "G:\Recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "H:\Recycler"

Deletion of folder "H:\Recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "I:\Recycler"

Deletion of folder "I:\Recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: folder "C:\Resycled" not found!

Deletion of folder "C:\Resycled" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not open folder "D:\Resycled"

Deletion of folder "D:\Resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "E:\Resycled"

Deletion of folder "E:\Resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "F:\Resycled"

Deletion of folder "F:\Resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "G:\Resycled"

Deletion of folder "G:\Resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "H:\Resycled"

Deletion of folder "H:\Resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "I:\Resycled"

Deletion of folder "I:\Resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Completed script processing.

*******************

Finished! Terminate.

ComboFix 09-04-04.01 - Scott 2009-04-11 9:56:00.1 - NTFSx86 MINIMAL

Microsoft

Link to post
Share on other sites

Let's have you do this. Logoff and restart the system for a fresh start.

Start your MBAM.

Click the Settings Tab. Make sure all option lines have a checkmark.

Click the Update tab. Press the "Check for Updates" button.

At this time, the current definitions are # 1967 or later. The latest program version is 1.36 (released April 6)

When done, click the Scanner tab.

Do a Quick Scan. Let it quarantine or remove tagged items. Get a copy of that log in your next reply.

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.36

Database version: 1967

Windows 6.0.6001 Service Pack 1

4/11/2009 2:56:07 PM

mbam-log-2009-04-11 (14-56-07).txt

Scan type: Quick Scan

Objects scanned: 60848

Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Files to delete:c:\windows\system32\drivers\msqpdxserv.sys c:\windows\system32\TDSSweat.datC:\WINDOWS\system32\drivers\TDSSmqlt.sys C:\windows\system32\drivers\tdssserv.sysC:\WINDOWS\system32\drivers\TDSSmact.sysC:\WINDOWS\system32\TDSSfpmp.dllC:\WINDOWS\system32\TDSSwpyd.dat C:\WINDOWS\system32\TDSStkdv.log  C:\WINDOWS\system32\TDSSotxb.dll C:\WINDOWS\system32\TDSScrrn.dll C:\WINDOWS\system32\TDSSbvqh.dll C:\WINDOWS\system32\TDSSjnmx.dllc:\windows\system32\TDSShrxr.dllc:\windows\system32\TDSSkkbi.logc:\windows\system32\TDSSlrvd.datc:\windows\system32\TDSSlxwp.dllc:\windows\system32\TDSSnmxh.logc:\windows\system32\TDSSoiqt.dllc:\windows\system32\TDSSrhyp.logc:\windows\system32\TDSSrtqp.dllc:\windows\system32\TDSSsihc.dllc:\windows\system32\TDSSxfum.dllc:\windows\system32\TDSSmtve.datc:\windows\system32\TDSSnirj.datC:\WINDOWS\SYSTEM32\TDSSixgp.dllC:\WINDOWS\SYSTEM32\TDSSproc.logC:\WINDOWS\SYSTEM32\TDSSwkod.log
    Drivers to delete:gaopdxserv.sysgaopdxservgaopdxltdsstdssservTDSSserv.SYSService_TDSSSERV.SYSLegacy_TDSSSERV.SYSmsqpdxserv.sysmsqpdxserv
    Registry keys to delete:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gaopdxserv.sysHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gaopdxserv.sysHKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssservHKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gaopdxservHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssservHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sysHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata HKEY_LOCAL_MACHINE\SOFTWARE\tdss HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERVHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\gaopdxlHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\gaopdxservHKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules\gaopdxlHKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules\gaopdxserv
    Folders to delete:C:\resycledD:\resyclede:\resycledf:\resycledg:\resycledh:\resycledC:\recyclerD:\recyclere:\recyclerf:\recyclerg:\recyclerh:\recycler


  • In the avenger window, click the Paste Script from Clipboard icon, pastets4.png button.
  • :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.

If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.

and then reboot the system again.

Link to post
Share on other sites

I now can't get into Windows in normal mode. It freezes up every time I try (I'm currently in safe mode with network suport. Here's the log though:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "c:\windows\system32\drivers\msqpdxserv.sys" not found!

Deletion of file "c:\windows\system32\drivers\msqpdxserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSweat.dat" not found!

Deletion of file "c:\windows\system32\TDSSweat.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!

Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!

Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!

Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSfpmp.dll" not found!

Deletion of file "C:\WINDOWS\system32\TDSSfpmp.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found!

Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found!

Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found!

Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found!

Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found!

Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found!

Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSShrxr.dll" not found!

Deletion of file "c:\windows\system32\TDSShrxr.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSkkbi.log" not found!

Deletion of file "c:\windows\system32\TDSSkkbi.log" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSlrvd.dat" not found!

Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSlxwp.dll" not found!

Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSnmxh.log" not found!

Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSoiqt.dll" not found!

Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSrhyp.log" not found!

Deletion of file "c:\windows\system32\TDSSrhyp.log" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSrtqp.dll" not found!

Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSsihc.dll" not found!

Deletion of file "c:\windows\system32\TDSSsihc.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSxfum.dll" not found!

Deletion of file "c:\windows\system32\TDSSxfum.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSmtve.dat" not found!

Deletion of file "c:\windows\system32\TDSSmtve.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\TDSSnirj.dat" not found!

Deletion of file "c:\windows\system32\TDSSnirj.dat" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSixgp.dll" not found!

Deletion of file "C:\WINDOWS\SYSTEM32\TDSSixgp.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSproc.log" not found!

Deletion of file "C:\WINDOWS\SYSTEM32\TDSSproc.log" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSwkod.log" not found!

Deletion of file "C:\WINDOWS\SYSTEM32\TDSSwkod.log" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv.sys" not found!

Deletion of driver "gaopdxserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv" not found!

Deletion of driver "gaopdxserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxl" not found!

Deletion of driver "gaopdxl" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdss" not found!

Deletion of driver "tdss" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!

Deletion of driver "tdssserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\TDSSserv.SYS" not found!

Deletion of driver "TDSSserv.SYS" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Service_TDSSSERV.SYS" not found!

Deletion of driver "Service_TDSSSERV.SYS" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Legacy_TDSSSERV.SYS" not found!

Deletion of driver "Legacy_TDSSSERV.SYS" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msqpdxserv.sys" not found!

Deletion of driver "msqpdxserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msqpdxserv" not found!

Deletion of driver "msqpdxserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gaopdxserv.sys" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gaopdxserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gaopdxserv.sys" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\gaopdxserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gaopdxserv" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gaopdxserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\gaopdxl" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\gaopdxl" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\gaopdxserv" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys\modules\gaopdxserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules\gaopdxl" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules\gaopdxl" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules\gaopdxserv" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules\gaopdxserv" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: folder "C:\resycled" not found!

Deletion of folder "C:\resycled" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not open folder "D:\resycled"

Deletion of folder "D:\resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "e:\resycled"

Deletion of folder "e:\resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "f:\resycled"

Deletion of folder "f:\resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "g:\resycled"

Deletion of folder "g:\resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "h:\resycled"

Deletion of folder "h:\resycled" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: folder "C:\recycler" not found!

Deletion of folder "C:\recycler" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not open folder "D:\recycler"

Deletion of folder "D:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "e:\recycler"

Deletion of folder "e:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "f:\recycler"

Deletion of folder "f:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "g:\recycler"

Deletion of folder "g:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "h:\recycler"

Deletion of folder "h:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found!

Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Link to post
Share on other sites

Download this Antirootkit, program by choosing the "Download EXE" button. Locate it in a folder you create such as C:\ARK\.

Disable the active protection component of your antivirus by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Please perform a quick rootkit scan:

Double-click the program you just downloaded to launch it.

When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.

When the scan is finished (a few seconds), click Copy to save the scan log to the Windows clipboard

Open Notepad or a similar text editor

Paste the clipboard contents into a text file by clicking Edit | Paste or Ctl V

Close the program

Save the scan log and post it in your next reply.

Link to post
Share on other sites

It's probably better to temporarily disable the Trend Micro, usually by right-clicking the icon in the system tray, and disabling the real-time active scan from the list.

If you can't manage it, proceed anyway.

If you get an immediate message from Gmer about rootkit activity, ignore and proceed with instructions please.

P.S. Double-click the Trend Micro AntiVirus plus AntiSpyware EN-1036481-2.gif icon on the lower right corner of your screen.

On the left panel, click Virus & Spyware Controls. Under Protection Against Viruses & Spyware section, click Settings.

I believe what needs to be done is to make sure the top 2 buttons are set to OFF ( instead of ON).

Reverse these changes after all is done with the rootkit scan by Gmer.

Link to post
Share on other sites

I'm still stuck in safe mode right now. I have been since the last avenger scan. Windows won't load at all. It starts to load and says "Please Wait" and never moves on. I let it stay there for almost an hour and it just never did anything and my computers activity light stopped blinking so I came back to safe mode. But since I'm in safe mode trend micro doesn't appear to load up as there is no icon in the bottom corner and there's nothing to do with trend micro in task manager. Here is what the scan came up with though:

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-11 20:33:05

Windows 6.0.6001 Service Pack 1

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 840BC1E8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Go to Start menu, select Run, enter MSCONFIG in the Open text box

and press Enter

Click on the BOOT.INI tab

Take a careful look and make sure that in the Boot Options block, that /SAFEBOOT is NOT checked. Please advise me what you find. Be sure to not make any other changes.

  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Files to delete:C:\$RECYCLE.BIN


  • In the avenger window, click the Paste Script from Clipboard icon, pastets4.png button.
  • :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.

and then reboot the system again.

I'd suggest you turn off the Windows duh-fault restart on error.

Right Click the My Computer icon on desktop. Select Properties.

Next, select Advanced. Look for a block that says Startup and recovery. Press the settings button.

In System failure section, turn off (un-check) Automatically restart.

Write an event to system log should be Checked (selected).

Apply change.

If you should later on see a STOP error, write down all of the codes and text. And then you can do research (as well as posting here).

Now, logoff Windows and select to Restart. Let me know how it goes.

Link to post
Share on other sites

Get me a copy of the last C:\Avenger.txt in your next reply.

also,

Download BootCheck.exe and SAVE to your desktop.

Double click BootCheck.exe to run the check

When complete, a Notepad window will open with some text in it

Save the Notepad file to your desktop as BootCheck.txt

Copy the contents of BootCheck.txt and post it in your next reply

Link to post
Share on other sites

When I run BootCheck it says "Unsupported Version Press any key to continue..."

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: "C:\$RECYCLE.BIN" is a folder, not a file!

Deletion of file "C:\$RECYCLE.BIN" failed!

Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)

--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Completed script processing.

*******************

Finished! Terminate.

Link to post
Share on other sites

Well, it appears that $Recycle.bin is a folder, and not a file. We'll use Avenger to get it out of the way.

  • RIGHT-click on avenger.exe and select Run as Administrator to start The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Folders to delete:C:\$RECYCLE.BIN


  • In the avenger window, click the Paste Script from Clipboard icon, pastets4.png button.
  • :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.

If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.

and then reboot the system again.

Next, start HijackThis. Do a new Scan, and Save the log.

Next, I just would like for you to take a look at C:\Boot.ini file

Start Notepad. Open C:\Boot.ini

Using just the keyboard to do a Select All, and then a Copy to clipboard

do

CTRL+A

then

CTRL+C

Put a copy of that in your next reply, along with a copy of the new HijackThis log.

Link to post
Share on other sites

Last night I decided I would keep the computer on that loading screen just to see if maybe it needed more time. I woke up and it was asking me for my password and now for some reason it's working. Computers confuse me sometimes. Also, boot.ini doesn't appear to be there. So I did a search and still found nothing.

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Folder "C:\$RECYCLE.BIN" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:12:42 AM, on 4/12/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Curse\CurseClient.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\Toshiba Registration\Registration.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [155732904] C:\Program Files\Toshiba Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--

End of file - 8961 bytes

Link to post
Share on other sites

I had forgotten this is running on Vista. :D hence, that's why no Boot.ini sorry.

4-clap.gif It is a big relief to know that normal mode is back !!!

Start your MBAM.

Click the Settings Tab. Make sure all option lines have a checkmark.

Click the Update tab. Press the "Check for Updates" button.

At this time, the current definitions are # 1967 or later. The latest program version is 1.36 (released April 6)

When done, click the Scanner tab.

Do a Quick Scan. Let it quarantine or remove tagged items. Get a copy of that log in your next reply.

At this time, start your TrendMicro. Use the update function and get it all updated, and then do a full scan of the system. Save the results.

Then, for another check, Scan the system with the Kaspersky Online Scanner

http://www.kaspersky.com/virusscanner

icon_arrow.gifAttention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

1) Click the Kapersky Online Scanner button. You'll see a popup window.

2) Accept the agreement

3) Accept the installation of the required ActiveX object ( XP SP2-SP3 will show this in the Information Bar )

4) For XP SP2-SP3, click the Install button when prompted

5) The necessary files will be downloaded and installed. Please have plenty of patience.

6) After Kaspersky AntiVirus Database is updated, look at the Scan box.

7) Click the My Computer line

8 ) Be infinetely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malwares

9) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

( To see an animated tutorial-how-to on the scan, see >>this link<<)

Re-enable your antivirus program after Kaspersky has finished.

Kapersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or SmitFraudFix items, or ComboFix's Qoobox & quarantine.

Kaspersky is a report only and does not remove files.

If I did not have you download OTListIt2 beforehand, then Download OTListIt by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTListIt2.exe

  • Close all open windows on the Task Bar. For Vista, RIGHT-click the icon and Run as Administrator to start the program.
  • In the upper right, at File Scans/ File age, click the drop-down and select 60 days.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • In the lower left at Extra Registry, checkmark Use Safelist
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTListIt.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTListIt2 by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Post back with copies of the MBAM log

Kaspersky.txt report,

OTListIt.txt

Extras.txt

checkup.txt

How is your system now ?

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.36

Database version: 1970

Windows 6.0.6001 Service Pack 1

4/12/2009 12:16:07 PM

mbam-log-2009-04-12 (12-16-07).txt

Scan type: Quick Scan

Objects scanned: 61265

Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Sunday, April 12, 2009

Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Sunday, April 12, 2009 19:59:49

Records in database: 2038355

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Files scanned: 156474

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 02:31:47

File name / Threat name / Threats count

C:\Program Files\Trend Micro\Internet Security\Quarantine\5B21.tmp Infected: Trojan.Win32.Agent2.gxn 1

The selected area was scanned.

Link to post
Share on other sites

OTListIt logfile created on: 4/12/2009 6:30:33 PM - Run 1

OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\Scott\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 60.23% Memory free

3.74 Gb Paging File | 2.64 Gb Available in Paging File | 70.52% Paging File free

Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.42 Gb Total Space | 143.76 Gb Free Space | 62.12% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SCOTT-PC

Current User Name: Scott

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 60 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

PRC - [2008/04/23 01:03:10 | 00,671,744 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe

PRC - [2008/04/23 01:03:10 | 00,671,744 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe

PRC - [2006/10/05 15:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\system32\agrsmsvc.exe

PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/04/17 03:19:48 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2007/01/25 21:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe

PRC - [2007/10/23 19:27:16 | 00,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

PRC - [2008/04/11 03:51:58 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2007/11/21 20:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\TODDSrv.exe

PRC - [2008/02/06 16:52:40 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2007/12/03 20:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

PRC - [2008/04/24 21:35:46 | 00,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

PRC - [2008/04/08 18:14:50 | 06,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/12/06 21:12:44 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2008/02/06 16:52:52 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

PRC - [2007/06/16 00:01:58 | 00,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

PRC - [2008/03/19 16:35:44 | 00,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

PRC - [2008/04/17 03:21:24 | 01,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2008/04/24 16:03:12 | 00,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/03/30 13:21:41 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/03/19 14:59:58 | 00,065,603 | ---- | M] (DataLode, Inc.) -- C:\Program Files\Toshiba Registration\Registration.exe

PRC - [2008/01/20 22:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe

PRC - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe

PRC - [2007/07/17 14:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

PRC - [2008/04/17 03:19:16 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2007/12/06 21:12:58 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2007/07/17 14:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/03/26 15:11:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/12 11:58:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/05 15:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2008/04/23 01:03:10 | 00,671,744 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])

SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008/04/17 03:19:48 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service [Auto | Running])

SRV - [2008/01/20 22:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])

SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])

SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])

SRV - [2008/01/29 13:09:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])

SRV - [2009/03/31 09:31:56 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])

SRV - [2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

SRV - [2008/04/16 18:53:00 | 00,954,368 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi [On_Demand | Stopped])

SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2007/01/25 21:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger [Auto | Running])

SRV - [2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])

SRV - [2008/08/07 12:12:38 | 01,073,544 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])

SRV - [2009/02/18 17:09:50 | 00,700,760 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Stopped])

SRV - [2008/04/24 21:35:46 | 00,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv [On_Demand | Running])

SRV - [2007/10/23 19:27:16 | 00,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])

SRV - [2008/02/15 11:03:36 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Stopped])

SRV - [2008/02/26 14:19:46 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Stopped])

SRV - [2008/04/11 03:51:58 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])

SRV - [2007/11/21 20:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\TODDSrv.exe -- (TODDSrv [Auto | Running])

SRV - [2008/02/06 16:52:40 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])

SRV - [2007/12/03 20:03:52 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service [Auto | Running])

SRV - [2008/01/20 22:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])

SRV - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/20 22:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])

DRV - [2008/01/20 22:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])

DRV - [2008/01/20 22:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])

DRV - [2008/01/20 22:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])

DRV - [2006/11/28 18:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])

DRV - [2008/01/20 22:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])

DRV - [2008/01/20 22:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])

DRV - [2008/01/20 22:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])

DRV - [2008/04/18 03:54:16 | 00,909,824 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\system32\DRIVERS\athr.sys -- (athr [On_Demand | Running])

DRV - [2008/04/23 03:36:32 | 03,551,232 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])

DRV - [2006/10/30 14:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie [boot | Running])

DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])

DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])

DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])

DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])

DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])

DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])

DRV - [2008/01/20 22:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])

DRV - [2008/01/20 22:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])

DRV - [2008/01/20 22:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])

DRV - [2006/11/20 17:11:14 | 00,007,168 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\FwLnk.sys -- (FwLnk [On_Demand | Running])

DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2008/01/20 22:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])

DRV - [2008/01/20 22:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])

DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])

DRV - [2008/06/02 15:19:12 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec [On_Demand | Stopped])

DRV - [2008/06/02 15:19:16 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\iksysflt.sys -- (IKSysFlt [On_Demand | Stopped])

DRV - [2008/06/10 21:22:52 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\iksyssec.sys -- (IKSysSec [On_Demand | Stopped])

DRV - [2008/04/09 21:00:04 | 02,095,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])

DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])

DRV - [2008/04/28 19:59:18 | 00,020,384 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\system32\DRIVERS\jswpslwf.sys -- (jswpslwf [system | Running])

DRV - [2006/11/09 02:32:00 | 00,219,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I [Disabled | Stopped])

DRV - [2006/11/09 02:31:00 | 00,211,072 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N [Disabled | Stopped])

DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])

DRV - [2008/01/20 22:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])

DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])

DRV - [2008/01/20 22:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])

DRV - [2008/01/20 22:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])

DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])

DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])

DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])

DRV - [2008/01/20 22:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])

DRV - [2008/01/20 22:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])

DRV - [2008/02/22 22:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2008/01/20 22:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])

DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])

DRV - [2008/04/15 13:05:08 | 00,118,784 | ---- | M] (Realtek Corporation ) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])

DRV - [2008/04/02 20:26:08 | 00,062,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])

DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

DRV - [2008/01/20 22:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])

DRV - [2009/04/01 20:26:11 | 00,685,816 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])

DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])

DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])

DRV - [2007/12/06 21:12:48 | 00,196,400 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

DRV - [2007/12/14 14:53:24 | 00,024,200 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\system32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])

DRV - [2008/02/15 11:06:44 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\DRIVERS\tmactmon.sys -- (tmactmon [Auto | Stopped])

DRV - [2008/02/15 11:06:44 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\DRIVERS\tmcomm.sys -- (tmcomm [Auto | Running])

DRV - [2008/02/15 11:06:44 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\DRIVERS\tmevtmgr.sys -- (tmevtmgr [Auto | Stopped])

DRV - [2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\DRIVERS\tmpreflt.sys -- (tmpreflt [Auto | Running])

DRV - [2008/02/15 11:06:44 | 00,065,936 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\DRIVERS\tmtdi.sys -- (tmtdi [system | Running])

DRV - [2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\DRIVERS\tmxpflt.sys -- (tmxpflt [Auto | Running])

DRV - [2008/04/11 00:25:30 | 00,285,184 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32 [boot | Running])

DRV - [2007/11/09 17:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ [boot | Running])

DRV - [2008/01/20 22:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])

DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])

DRV - [2008/01/20 22:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])

DRV - [2007/12/17 14:45:20 | 00,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])

DRV - [2008/01/20 22:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])

DRV - [2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\DRIVERS\vsapint.sys -- (vsapint [Auto | Running])

DRV - [2008/01/20 22:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/09 20:53:02 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/12 14:10:59 | 00,000,000 | ---D | M]

[2009/03/30 13:36:56 | 00,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\mozilla\Extensions

[2009/03/30 13:36:56 | 00,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/04/12 14:11:30 | 00,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\90uqbl17.default\extensions

[2009/04/12 14:11:30 | 00,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\mozilla\Firefox\Profiles\90uqbl17.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/04/12 14:11:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/03/30 13:36:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/04/12 14:11:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O4 - HKLM..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start (Chicony)

O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found

O4 - HKLM..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)

O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found

O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)

O4 - HKLM..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

O4 - HKCU..\Run: [155732904] C:\Program Files\Toshiba Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd" (DataLode, Inc.)

O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 60 Days ==========

[2009/04/12 16:52:04 | 00,001,180 | ---- | C] () -- C:\Users\Scott\Desktop\FINAL FANTASY XI.LNK

[2009/04/12 16:46:31 | 00,532,626 | ---- | C] () -- C:\Users\Scott\Desktop\SecurityCheck.exe

[2009/04/12 14:11:42 | 00,000,000 | ---D | C] -- C:\Windows\Sun

[2009/04/12 11:58:39 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTListIt2.exe

[2009/04/12 10:08:57 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2009/04/12 10:07:56 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/04/12 10:06:58 | 02,958,189 | -H-- | C] () -- C:\Users\Scott\AppData\Local\IconCache.db

[2009/04/12 10:06:26 | 00,000,000 | ---D | C] -- C:\Users\Scott\Desktop\New Folder

[2009/04/11 23:21:11 | 18,767,83104 | -HS- | C] () -- C:\hiberfil.sys

[2009/04/11 21:46:27 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\IGN_DLM

[2009/04/11 21:14:40 | 00,000,000 | ---D | C] -- C:\Program Files\Download Manager

[2009/04/11 17:18:38 | 00,000,000 | ---D | C] -- C:\Users\Scott\Documents\Downloads

[2009/04/11 17:16:38 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\DivX

[2009/04/11 17:15:18 | 00,000,000 | ---D | C] -- C:\Program Files\DivX

[2009/04/11 10:54:40 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(8)

[2009/04/11 10:54:37 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/04/11 10:54:37 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes(9)

[2009/04/11 09:59:48 | 00,000,000 | ---D | C] -- C:\Windows\temp

[2009/04/11 09:55:15 | 00,000,000 | ---D | C] -- C:\Combo-Fix

[2009/04/11 09:53:53 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/04/11 09:30:35 | 00,000,680 | ---- | C] () -- C:\Users\Scott\AppData\Local\d3d9caps.dat

[2009/04/11 09:11:57 | 00,724,952 | ---- | C] () -- C:\Users\Scott\Desktop\avenger.zip

[2009/04/11 09:11:32 | 04,770,605 | ---- | C] () -- C:\Users\Scott\Desktop\f-downadup.zip

[2009/04/11 09:11:23 | 00,162,204 | ---- | C] () -- C:\Users\Scott\Desktop\KKiller_v3.4.3.zip

[2009/04/10 17:06:54 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Move Networks

[2009/04/10 09:02:54 | 00,001,885 | ---- | C] () -- C:\Users\Scott\Desktop\HijackThis.lnk

[2009/04/10 08:46:27 | 00,001,681 | ---- | C] () -- C:\Users\Scott\Desktop\CCleaner.lnk

[2009/04/10 08:46:26 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/04/10 00:04:42 | 00,003,584 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/09 22:22:09 | 00,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/04/09 22:22:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/04/09 22:22:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/04/09 20:53:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\logs

[2009/04/09 20:53:27 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\BitDefender

[2009/04/09 20:52:50 | 00,000,000 | ---D | C] -- C:\ProgramData\BitDefender

[2009/04/09 20:52:50 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2009/04/09 20:48:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[2009/04/09 10:40:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/04/08 23:42:53 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes

[2009/04/08 23:06:51 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\True Sword

[2009/04/08 22:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/04/08 22:53:44 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com

[2009/04/08 22:34:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/04/08 22:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\Marcos Velasco Security

[2009/04/08 22:10:37 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Antispyware

[2009/04/03 08:28:26 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2009/04/01 21:29:08 | 00,000,000 | ---D | C] -- C:\Users\Scott\Documents\My Spore Creations

[2009/04/01 21:28:50 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\SPORE

[2009/04/01 21:27:22 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll

[2009/04/01 20:54:32 | 00,000,000 | ---D | C] -- C:\Windows\Minidump

[2009/04/01 20:54:17 | 25,080,9151 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2009/04/01 20:49:38 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2009/04/01 20:44:39 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro

[2009/04/01 20:37:34 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\DAEMON Tools Pro

[2009/04/01 20:36:11 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro

[2009/04/01 20:26:11 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2009/04/01 17:31:03 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\CurseClient

[2009/04/01 17:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\Curse

[2009/04/01 15:43:21 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Adobe

[2009/04/01 08:55:26 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\WinRAR

[2009/04/01 08:29:30 | 00,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2009/03/31 20:37:45 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment

[2009/03/31 19:30:06 | 00,000,000 | ---D | C] -- C:\Program Files\PlayOnline

[2009/03/31 18:47:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment

[2009/03/31 14:07:41 | 00,000,000 | ---D | C] -- C:\Windows\System32\log

[2009/03/31 10:14:44 | 00,016,776 | ---- | C] () -- C:\Users\Scott\Desktop\Case Study.docx

[2009/03/31 09:37:36 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys

[2009/03/31 09:37:36 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys

[2009/03/31 09:37:36 | 00,042,376 | ---- | C] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\ikfilesec.sys

[2009/03/31 09:37:36 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\kcom.sys

[2009/03/31 09:37:27 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\PC Tools

[2009/03/31 09:37:27 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2009/03/31 09:37:27 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2009/03/31 09:32:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Google Updater

[2009/03/31 09:31:59 | 00,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job

[2009/03/30 23:06:28 | 00,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro AntiVirus plus AntiSpyware.lnk

[2009/03/30 23:06:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Trend Micro

[2009/03/30 23:03:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/03/30 21:22:56 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2009/03/30 21:18:12 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2009/03/30 21:18:09 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\uTorrent

[2009/03/30 18:05:40 | 00,000,000 | ---D | C] -- C:\Users\Scott\Documents\My Received Files

[2009/03/30 17:44:08 | 00,001,996 | ---- | C] () -- C:\Users\Scott\Desktop\Windows Live Messenger.lnk

[2009/03/30 15:45:31 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/03/30 15:45:31 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009/03/30 15:45:31 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll

[2009/03/30 15:45:30 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll

[2009/03/30 15:45:30 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll

[2009/03/30 15:45:30 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2009/03/30 15:45:30 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe

[2009/03/30 15:45:30 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll

[2009/03/30 15:45:30 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll

[2009/03/30 15:45:30 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll

[2009/03/30 15:45:30 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll

[2009/03/30 15:45:30 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll

[2009/03/30 15:45:29 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex

[2009/03/30 15:45:29 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll

[2009/03/30 15:45:29 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll

[2009/03/30 15:45:29 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll

[2009/03/30 15:45:29 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll

[2009/03/30 15:45:29 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll

[2009/03/30 15:45:29 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll

[2009/03/30 15:45:29 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll

[2009/03/30 15:45:29 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll

[2009/03/30 15:45:29 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll

[2009/03/30 15:45:29 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll

[2009/03/30 15:45:28 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll

[2009/03/30 15:45:28 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll

[2009/03/30 15:45:28 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll

[2009/03/30 15:45:28 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll

[2009/03/30 15:45:28 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe

[2009/03/30 15:45:28 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll

[2009/03/30 15:45:28 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll

[2009/03/30 15:45:28 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe

[2009/03/30 15:44:37 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2009/03/30 14:07:00 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Apple Computer

[2009/03/30 14:07:00 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Apple Computer

[2009/03/30 14:06:53 | 00,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2009/03/30 14:06:49 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2009/03/30 14:06:37 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2009/03/30 14:06:36 | 00,000,000 | ---D | C] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2009/03/30 14:06:36 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

[2009/03/30 14:06:26 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2009/03/30 14:06:06 | 00,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2009/03/30 14:05:35 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/03/30 14:05:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2009/03/30 14:05:15 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Apple

[2009/03/30 14:05:12 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2009/03/30 14:04:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2009/03/30 14:04:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple

[2009/03/30 14:00:22 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2009/03/30 14:00:22 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll

[2009/03/30 14:00:21 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe

[2009/03/30 14:00:21 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2009/03/30 14:00:21 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl

[2009/03/30 14:00:21 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll

[2009/03/30 14:00:20 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll

[2009/03/30 14:00:18 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2009/03/30 13:54:02 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll

[2009/03/30 13:53:59 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll

[2009/03/30 13:53:59 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2009/03/30 13:53:50 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2009/03/30 13:53:46 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2009/03/30 13:49:47 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Microsoft Help

[2009/03/30 13:45:35 | 00,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe

[2009/03/30 13:45:35 | 00,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe

[2009/03/30 13:45:35 | 00,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll

[2009/03/30 13:45:35 | 00,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll

[2009/03/30 13:45:34 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll

[2009/03/30 13:45:34 | 00,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe

[2009/03/30 13:45:34 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll

[2009/03/30 13:45:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll

[2009/03/30 13:45:34 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe

[2009/03/30 13:45:34 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll

[2009/03/30 13:44:50 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll

[2009/03/30 13:44:50 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2009/03/30 13:44:50 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2009/03/30 13:44:46 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL

[2009/03/30 13:44:41 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2009/03/30 13:44:33 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2009/03/30 13:44:32 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2009/03/30 13:44:31 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2009/03/30 13:44:31 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2009/03/30 13:44:30 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2009/03/30 13:44:30 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2009/03/30 13:44:29 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2009/03/30 13:44:28 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2009/03/30 13:44:28 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2009/03/30 13:44:19 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll

[2009/03/30 13:44:18 | 00,891,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys

[2009/03/30 13:44:18 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys

[2009/03/30 13:44:18 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll

[2009/03/30 13:44:13 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll

[2009/03/30 13:44:05 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll

[2009/03/30 13:44:03 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll

[2009/03/30 13:44:00 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys

[2009/03/30 13:43:58 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll

[2009/03/30 13:43:52 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2009/03/30 13:43:51 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2009/03/30 13:43:51 | 01,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2009/03/30 13:43:49 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

[2009/03/30 13:43:48 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll

[2009/03/30 13:43:46 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2009/03/30 13:43:40 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2009/03/30 13:43:40 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2009/03/30 13:43:39 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2009/03/30 13:43:38 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2009/03/30 13:43:38 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2009/03/30 13:43:38 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2009/03/30 13:43:33 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll

[2009/03/30 13:43:32 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2009/03/30 13:43:31 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2009/03/30 13:43:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2009/03/30 13:43:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2009/03/30 13:41:59 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll

[2009/03/30 13:41:56 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll

[2009/03/30 13:41:47 | 00,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll

[2009/03/30 13:41:04 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll

[2009/03/30 13:41:00 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll

[2009/03/30 13:41:00 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll

[2009/03/30 13:40:48 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys

[2009/03/30 13:40:45 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2009/03/30 13:40:41 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll

[2009/03/30 13:40:40 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys

[2009/03/30 13:40:40 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys

[2009/03/30 13:40:40 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll

[2009/03/30 13:40:40 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2009/03/30 13:39:46 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll

[2009/03/30 13:39:39 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2009/03/30 13:39:38 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2009/03/30 13:39:37 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll

[2009/03/30 13:39:37 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe

[2009/03/30 13:39:35 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2009/03/30 13:39:35 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2009/03/30 13:39:35 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll

[2009/03/30 13:39:35 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll

[2009/03/30 13:39:35 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe

[2009/03/30 13:39:35 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx

[2009/03/30 13:39:35 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe

[2009/03/30 13:39:35 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll

[2009/03/30 13:36:56 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/03/30 13:36:55 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Mozilla

[2009/03/30 13:36:55 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Mozilla

[2009/03/30 13:36:53 | 00,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/03/30 13:36:49 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/03/30 13:33:20 | 03,601,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2009/03/30 13:33:20 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2009/03/30 13:33:17 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll

[2009/03/30 13:33:16 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll

[2009/03/30 13:30:08 | 00,738,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll

[2009/03/30 13:29:23 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Macromedia

[2009/03/30 13:27:36 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2009/03/30 13:27:34 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2009/03/30 13:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/03/30 13:24:47 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2009/03/30 13:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/03/30 13:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2009/03/30 13:21:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/03/30 13:19:59 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll

[2009/03/30 13:19:59 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2009/03/30 13:19:59 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2009/03/30 13:19:59 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2009/03/30 13:19:33 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2009/03/30 13:19:33 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2009/03/30 13:19:33 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2009/03/30 13:19:18 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2009/03/30 13:19:18 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2009/03/30 13:18:55 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Adobe

[2009/03/30 13:06:59 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll

[2009/03/30 13:06:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared

[2009/03/30 13:04:49 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI

[2009/03/30 13:03:52 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/03/30 12:21:05 | 00,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys

[2009/03/30 12:05:38 | 00,020,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys

[2009/03/30 12:05:33 | 00,000,000 | ---D | C] -- C:\Program Files\Jumpstart

[2009/03/30 12:03:44 | 00,909,824 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys

[2009/03/30 12:03:44 | 00,000,000 | ---D | C] -- C:\Program Files\Atheros

[2009/03/30 12:03:43 | 00,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll

[2009/03/30 12:03:43 | 00,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe

[2009/03/30 12:03:43 | 00,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll

[2009/03/30 12:03:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\nn-NO

[2009/03/30 12:03:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Atheros

[2009/03/30 12:02:38 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2009/03/30 12:02:38 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2009/03/30 12:02:38 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2009/03/30 12:02:38 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2009/03/30 12:02:38 | 00,000,000 | ---D | C] -- C:\Program Files\ltmoh

[2009/03/30 12:01:59 | 00,000,000 | ---D | C] -- C:\Windows\Options

[2009/03/30 11:59:02 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf

[2009/03/30 11:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics

[2009/03/30 11:54:48 | 00,018,432 | ---- | C] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS

[2009/03/30 11:54:46 | 00,000,000 | ---D | C] -- C:\Program Files\Camera Assistant Software for Toshiba

[2009/03/30 11:53:47 | 00,000,553 | ---- | C] () -- C:\Windows\USetup.iss

[2009/03/30 11:52:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM

[2009/03/30 11:52:04 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Google

[2009/03/30 11:52:02 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2009/03/30 11:52:00 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll

[2009/03/30 11:52:00 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll

[2009/03/30 11:52:00 | 00,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll

[2009/03/30 11:52:00 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll

[2009/03/30 11:51:59 | 06,037,504 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

[2009/03/30 11:51:59 | 00,140,288 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll

[2009/03/30 11:51:59 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll

[2009/03/30 11:49:59 | 00,000,000 | ---D | C] -- C:\Users\Scott\Documents\My Google Gadgets

[2009/03/30 11:49:57 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\ATI

[2009/03/30 11:49:57 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\ATI

[2009/03/30 11:49:56 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Toshiba

[2009/03/30 11:49:47 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Google

[2009/03/30 11:49:43 | 00,099,864 | ---- | C] () -- C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/03/30 11:49:38 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Symantec

[2009/03/30 11:49:21 | 00,000,402 | -HS- | C] () -- C:\Users\Scott\Documents\desktop.ini

[2009/03/30 11:49:21 | 00,000,282 | -HS- | C] () -- C:\Users\Scott\Desktop\desktop.ini

[2009/03/30 11:49:21 | 00,000,174 | -HS- | C] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

[2009/03/30 11:49:09 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Identities

[2009/03/30 11:49:05 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\VirtualStore

[2009/03/30 11:49:03 | 00,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys

[2009/03/30 11:48:35 | 00,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Videos

[2009/03/30 11:48:35 | 00,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Pictures

[2009/03/30 11:48:35 | 00,000,000 | -HSD | C] -- C:\Users\Scott\Documents\My Music

[2009/03/30 11:48:35 | 00,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\Temporary Internet Files

[2009/03/30 11:48:35 | 00,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\History

[2009/03/30 11:48:35 | 00,000,000 | -HSD | C] -- C:\Users\Scott\AppData\Local\Application Data

[2009/03/30 11:48:35 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Media Center Programs

[2009/03/30 11:48:35 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Temp

[2009/03/30 11:48:35 | 00,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Microsoft

[2009/03/30 11:48:34 | 00,000,000 | --SD | C] -- C:\Users\Scott\AppData\Roaming\Microsoft

[2009/03/30 11:48:23 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2009/03/30 11:46:41 | 00,000,000 | ---D | C] -- C:\Program Files\ATI

[2009/03/30 11:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant

[2009/03/30 11:39:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2009/03/30 11:38:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2009/03/30 11:38:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2009/03/30 11:37:52 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2009/03/30 11:37:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2009/03/30 11:35:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2009/03/30 11:35:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2009/03/30 11:31:16 | 00,000,000 | RH-D | C] -- C:\MSOCache

[2009/03/30 11:30:32 | 00,000,000 | ---D | C] -- C:\OffPro07Trial

[2009/03/30 11:26:39 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2009/03/30 11:25:55 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2009/03/30 11:21:46 | 00,000,000 | -HSD | C] -- C:\System Volume Information

[2008/05/05 14:41:42 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/04/24 21:43:50 | 00,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll

[2008/04/24 21:42:44 | 00,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll

[2008/04/24 21:25:46 | 06,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll

[2008/04/24 21:25:46 | 00,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll

[2008/04/24 21:25:46 | 00,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll

[2008/04/24 21:23:58 | 00,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll

[2008/04/23 01:05:08 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 12:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Files - Modified Within 60 Days ==========

[2009/04/12 18:08:52 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/04/12 18:08:52 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/04/12 16:52:04 | 00,001,180 | ---- | M] () -- C:\Users\Scott\Desktop\FINAL FANTASY XI.LNK

[2009/04/12 16:46:46 | 00,532,626 | ---- | M] () -- C:\Users\Scott\Desktop\SecurityCheck.exe

[2009/04/12 15:24:10 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/04/12 15:24:10 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/04/12 15:24:10 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/04/12 14:55:14 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2009/04/12 11:58:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTListIt2.exe

[2009/04/12 10:08:32 | 00,370,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/04/12 10:08:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/04/12 10:08:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/04/12 10:08:07 | 18,767,83104 | -HS- | M] () -- C:\hiberfil.sys

[2009/04/12 10:06:58 | 02,958,189 | -H-- | M] () -- C:\Users\Scott\AppData\Local\IconCache.db

[2009/04/11 22:29:35 | 00,000,680 | ---- | M] () -- C:\Users\Scott\AppData\Local\d3d9caps.dat

[2009/04/11 09:12:17 | 04,770,605 | ---- | M] () -- C:\Users\Scott\Desktop\f-downadup.zip

[2009/04/11 09:12:12 | 00,724,952 | ---- | M] () -- C:\Users\Scott\Desktop\avenger.zip

[2009/04/11 09:11:24 | 00,162,204 | ---- | M] () -- C:\Users\Scott\Desktop\KKiller_v3.4.3.zip

[2009/04/10 22:13:32 | 00,016,776 | ---- | M] () -- C:\Users\Scott\Desktop\Case Study.docx

[2009/04/10 09:02:54 | 00,001,885 | ---- | M] () -- C:\Users\Scott\Desktop\HijackThis.lnk

[2009/04/10 08:46:27 | 00,001,681 | ---- | M] () -- C:\Users\Scott\Desktop\CCleaner.lnk

[2009/04/10 00:04:42 | 00,003,584 | ---- | M] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/09 22:46:35 | 00,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/04/09 22:06:51 | 00,099,864 | ---- | M] () -- C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/04/02 10:25:37 | 25,080,9151 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2009/04/01 20:26:11 | 00,685,816 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys

[2009/04/01 08:29:30 | 00,004,096 | ---- | M] () -- C:\Windows\d3dx.dat

[2009/03/31 03:04:06 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini

[2009/03/30 23:06:28 | 00,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro AntiVirus plus AntiSpyware.lnk

[2009/03/30 18:24:02 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2009/03/30 17:44:08 | 00,001,996 | ---- | M] () -- C:\Users\Scott\Desktop\Windows Live Messenger.lnk

[2009/03/30 14:46:23 | 00,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf

[2009/03/30 14:06:06 | 00,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2009/03/30 13:36:56 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2009/03/30 13:36:53 | 00,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/03/30 13:03:52 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2009/03/30 12:21:05 | 00,000,004 | RHS- | M] () -- C:\Windows\System32\drivers\taishop.sys

[2009/03/30 11:59:02 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf

[2009/03/30 11:52:03 | 00,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2009/03/30 11:49:21 | 00,000,402 | -HS- | M] () -- C:\Users\Scott\Documents\desktop.ini

[2009/03/30 11:49:21 | 00,000,282 | -HS- | M] () -- C:\Users\Scott\Desktop\desktop.ini

[2009/03/30 11:49:21 | 00,000,174 | -HS- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

[2009/03/30 11:49:03 | 00,000,016 | RHS- | M] () -- C:\Windows\System32\drivers\fbd.sys

[2009/03/30 11:42:41 | 00,000,370 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini

[2009/03/30 11:25:55 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== LOP Check ==========

[2009/04/12 14:55:14 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job

[2009/04/12 10:08:28 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT

[2009/04/12 10:07:05 | 00,013,418 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Link to post
Share on other sites

OTListIt Extras logfile created on: 4/12/2009 6:30:33 PM - Run 1

OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\Scott\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 60.23% Memory free

3.74 Gb Paging File | 2.64 Gb Available in Paging File | 70.52% Paging File free

Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.42 Gb Total Space | 143.76 Gb Free Space | 62.12% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SCOTT-PC

Current User Name: Scott

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 60 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3415056340-2413237859-3634628190-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2007/01/25 21:49:34 | 00,472,688 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine

[2007/01/25 21:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree

"{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support

"{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian

"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup

"{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek

"{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish

"{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech

"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia

"{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master

"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password

"{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility

"{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian

"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional

"{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English

"{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light

"{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard

"{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish

"{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German

"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI

"{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding

"{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese

"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart

"{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish

"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus

"{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional

"{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73B52EA8-8A5C-4FF5-A9F2-1A0F3259C3D2}" = TOSHIBA Application Disc Creator

"{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean

"{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish

"{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish

"{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai

"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center

"{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch

"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German

"{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish

"{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE

Link to post
Share on other sites

Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you need to un-install it. Go to Control Panel and Add-or-Remove programs.

Look for it and click the line for it. Select Change/Remove to de-install it.

Also look for and de-install Kaspersky Online scan.

Have you applied the KB958644 Security Update? Microsoft released a fix last October 2008 !

If you bring up Add-or-Remove programs, make sure it Shows all updates, do you see an entry

Security Update for Windows (KB958644) ?

If it is listed, the fix takes care of the vulnerability that Conficker depends on.

OK & Exit out of Control Panel

If you do not have this fix, do this immediately:

You may get the fix by clicking the link for your Windows version at this MS webpage

http://www.microsoft.com/technet/security/...n/MS08-067.mspx

or by making a direct visit to Windows Update

http://update.microsoft.com

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it combo-fix :!:D, put that name in the RUN box stated just below. The "/u" in the Run line below is to start Combofix for it's cleanup & removal function.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
    In the command box that opens, type or copy/paste c:\users\Scott\Desktop\Combo-Fix.exe /u and then click OK.

Be sure to have the space after the exe in the above. Best to copy and then paste the command.

  • Locate & RIGHT-click OTListIt2.exe and select Run as Administrator to start it.
  • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTListIt2 attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.