updated hijack log advice appreciated



Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click Scan

On completion of the scan

Click the Fix button for TDL4 or the FIXMBR button for Whistler (select as appropriate)

Save the log as before and post in your next reply.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-11 20:36:54

-----------------------------

20:36:54.296 OS Version: Windows 5.1.2600 Service Pack 3

20:36:54.296 Number of processors: 2 586 0x1C02

20:36:54.296 ComputerName: ALLEYCAT UserName: Heather

20:36:55.531 Initialize success

20:37:02.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

20:37:02.703 Disk 0 Vendor: TOSHIBA_ LV01 Size: 114473MB BusType: 3

20:37:02.718 Disk 0 MBR read successfully

20:37:02.734 Disk 0 MBR scan

20:37:02.734 Disk 0 Windows XP default MBR code

20:37:02.750 Disk 0 scanning sectors +234439600

20:37:02.781 Disk 0 scanning C:\WINDOWS\system32\drivers

20:37:09.062 Service scanning

20:37:10.703 Disk 0 trace - called modules:

20:37:10.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys

20:37:10.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f74868]

20:37:10.765 3 CLASSPNP.SYS[f763dfd7] -> nt!IofCallDriver -> \Device\0000006b[0x86f572d8]

20:37:10.781 5 ACPI.sys[f75b4620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f75028]

20:37:10.796 Scan finished successfully

20:37:44.453 Disk 0 Windows 501 MBR fixed successfully

20:38:05.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Heather\My Documents\MBR.dat"

20:38:05.343 The log file has been saved successfully to "C:\Documents and Settings\Heather\My Documents\aswMBR.txt"


When I click to remove it I am getting this message from Windows Installer: "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again or enter an alternate path to a folder containing the installation package 'jre1.6.0_25.msi' in the box below."


Yes, I did, and I also tried to remove it from Program Files; it won't remove.


Matt, I did as you said above, and when I ran to uninstall Java I got that message again, as I previously told you. I carried on and selected all, deleted and rebooted. I downloaded Java, and on the install a box came up saying "This software has already been installed on your computer. Would you like to reinstall it?" I clicked Yes, and then a box came up saying "This action is only valid for products that are currently installed"??? So strange, as in the previous box it said it was installed. Anyway, I went to Add/Remove Programs and Java isn't there.


Yes, I'm afraid so, but my computer seems to be running OK otherwise, apart from Internet Explorer and my mouse USB being read as a modem by my computer, which causes the running of the server to freeze, and I have to pull the plug and reinsert it again.


Hi Alison,

The good news is that you are malware free! Please follow my advice below and then I recommend you post about your current issues in the PC Help forum.

Your log looks clean, Great Job! :)

Now for some cleanup..

Please download OTC and save it to Desktop.

  • Please make sure you are connected to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore - Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab.
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
      9. Next press the Apply button and then the OK to exit the Internet Properties page.

  3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
    Please only choose one.

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

  7. Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  9. Update Non-Microsoft Programs - It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • Norton Safe Web <= Norton Safe Web protects your browser against malicious sites and warns you when you go to one.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.


SO HOW DO I GET JAVA INSTALLED ON TO MY COMPUTER AS IT ISNT IN MY PROGRAM FILES EVEN THO I GET POP UPS ON THE WINDOW INSTALLER SAYING ITS ALREADY INSTALLED I THOUGHT IT WAS IMPORTANT TO HAVE JAVA ON MY SYSTEM MATT AND PLEASE WILL YOU INBOX ME YOUR BANK DETAILS SO I CAN DO A TRANSFER THANK YOU


i HAVE DONE THE OTC AND STEP 1 SYSTEM RESTORE DISABLE AND ENABLE SUCCESSFULLY


Do not post in all caps; it makes it seem like you are yelling.

Let me know if you have any issues with my last instructions. Once you complete them, let me know, and then please post a thread in the forum I recommended you post in, so that you can receive help with your other issues pertaining to the USB and modem.


I downloaded the MVPS hosts file; what do I do with that once downloaded?

All you have to do is extract it to your desktop and then double-click on mvps.bat.

[Important Notice - 2K/XP/Vista/Win7 Users]

In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in 2K/XP/Vista. Windows 98 and Windows ME are not affected.

To resolve this issue (manually) open the "Services Editor"

Start | Run (type) "services.msc" (no quotes)

Scroll down to "DNS Client", Right-click and select: Properties

Click the drop-down arrow for "Startup type"

Select: Manual, click Apply/Ok and restart.

For more details please see:

http://www.mvps.org/winhelp2002/hosts.htm

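A blocking HOSTS file such as the one described above should map names only to the local machine, so any entry pointing elsewhere deserves review. This is an added example, not part of the original posts: it audits HOSTS-format text, treats 0.0.0.0 as a blocking address alongside 127.0.0.1, reads the notice's "135 kb" as 135 × 1024 bytes (both assumptions), and uses a constructed sample.

```python
import ipaddress

SIZE_WARN_BYTES = 135 * 1024      # size named in the MVPS notice (unit assumed)
LOCAL_NAMES = {"localhost"}       # legitimate loopback names, not block entries


def audit_hosts(text):
    """Classify every mapping in HOSTS-format text.

    Returns a dict with:
      blocked    - set of names mapped to a loopback or unspecified address
      redirected - list of (line_no, address, name) mapped anywhere else
      malformed  - list of (line_no, raw_line) that could not be parsed
      oversized  - True if the text is larger than SIZE_WARN_BYTES
    """
    blocked, redirected, malformed = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()    # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(fields) < 2:                     # address with no host name
            malformed.append((line_no, raw))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)
            else:
                # A name resolved to a routable address bypasses DNS entirely;
                # in a pure blocklist this should never appear.
                redirected.append((line_no, str(addr), name))
    return {
        "blocked": blocked,
        "redirected": redirected,
        "malformed": malformed,
        "oversized": len(text.encode("utf-8")) > SIZE_WARN_BYTES,
    }


# Constructed sample: three block entries, one redirect, two malformed lines.
SAMPLE_HOSTS = """\
# constructed sample in HOSTS format
127.0.0.1  localhost
::1        localhost
127.0.0.1  www.007guard.com
127.0.0.1  007guard.com   # comment after an entry
0.0.0.0    008i.com
203.0.113.10  www.example-bank.test
127.0.0.1
not-an-address  broken.example
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(report['blocked'])} blocked names")
    for line_no, addr, name in report["redirected"]:
        print(f"line {line_no}: {name} -> {addr} (review)")
    for line_no, raw in report["malformed"]:
        print(f"line {line_no}: cannot parse {raw!r}")
    if report["oversized"]:
        print("file exceeds 135 KB: see the DNS Client notice")
```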

OK, I did that, thank you. What do you recommend I do about Java and being able to install it?


Hi Matt, that virus has come back on to my system, as when I get to the Windows login it says "1 unread mail message", and I am not opening it because I believe it's the same virus I had when I sent you my first HijackThis log. I don't believe I have done anything to bring it back. I did use the Revo programme you advised to use for Java, and I also used Revo to get rid of Speedy PC, as everything else you were telling me wasn't getting rid of it completely. What do you suggest I do now, please, Matt?


Hi again Matt, I think I made a huge mistake of updating Spybot Search and Destroy version 2; it came up on FileHippo's update checker!!

As you never informed me if this was a good programme to use or not (as you have always said I can activate TeaTimer once I am clean), I have thought that Spybot is safe??? (I still haven't activated the TeaTimer since I have been clean.) My computer totally wouldn't operate correctly through the Windows login after installing Spybot 2.

Therefore I did do a System Restore and clicked the restore point that was the newly created one (and this caused my system to crash and switch off) instead of clicking a restore point after the newly created one.

I believe that is now my problem with my computer. I am very sorry, Matt, and understand fully if you don't want to assist me anymore,

but I hope you don't feel that way. :-/

I am taking this opportunity to ask if you would advise against going through all your instructed fixes from start to finish on this thread, instead of taking up your valuable time.

I am not logged on to Windows Live, but yesterday I remember seeing on the Windows login that I had an alert for over 1600 email messages come up, so I realise when I see this "1 UNREAD email message" alert that it is the virus I had previously.

I am not sure which website it has come from, so I have run an MBAM full scan, which didn't pick up on it, and have posted it below.

I will also do an OTL scan and post the logs for that shortly and will give you time to look at the OTL logs. I apologize sincerely to you, Matt, and hope it will just be a case of running a Run Fix in OTL.

Thank you so much once again for your utmost patience with me :-) And should I not ever use Spybot Search and Destroy again on my computer? Spybot version 2 was removed from my system on finally doing a successful restore at the restore point after the newly created one!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6612

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

19/05/2011 03:26:52

mbam-log-2011-05-19 (03-26-52).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 279009

Time elapsed: 1 hour(s), 11 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


OTL logfile created on: 19/05/2011 03:56:38 - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Heather\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 49.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.79 Gb Total Space | 94.38 Gb Free Space | 84.43% Space Free | Partition Type: NTFS

Drive D: | 44.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALLEYCAT | User Name: Heather | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe (Badoo)

PRC - C:\Documents and Settings\Heather\desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)

PRC - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)

PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)

PRC - C:\Program Files\T-Mobile\Mobile Broadband Manager\UIExec.exe ()

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)

PRC - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)

PRC - C:\Program Files\Virgin Mobile\Broadband Home\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)

PRC - C:\WINDOWS\system32\acs.exe (Atheros)

PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Modules (SafeList) ==========

MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)

MOD - C:\Documents and Settings\Heather\desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (SBAMSvc) -- File not found

SRV - (avg8wd) -- File not found

SRV - (avg8emc) -- File not found

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (VmbService) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)

SRV - (UI Assistant Service) -- C:\Program Files\T-Mobile\Mobile Broadband Manager\AssistantServices.exe ()

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (TAPPSRV) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)

SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)

SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)

SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)

DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)

DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)

DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)

DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)

DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (MBB Incorporated)

DRV - (vodafone_K380x-z_dc_enum) -- C:\WINDOWS\system32\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)

DRV - (SBRE) -- C:\WINDOWS\system32\drivers\sbredrv.sys (Sunbelt Software)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)

DRV - (tos_sps32) -- C:\WINDOWS\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (UVCFTR) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (FwLnk) -- C:\WINDOWS\system32\drivers\FwLnk.sys (TOSHIBA Corporation)

DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)

DRV - (trudf) -- C:\WINDOWS\system32\drivers\trudf.sys (TOSHIBA Corporation)

DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Feboz Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?fr=ffsp1&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4daaca17&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/18 03:16:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 20:47:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/18 04:16:10 | 000,000,000 | ---D | M]

[2009/06/30 10:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Extensions

[2011/05/08 17:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\fxem6dh1.default\extensions

[2011/04/16 13:56:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\fxem6dh1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)

[2010/09/15 20:53:53 | 000,000,557 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\fxem6dh1.default\searchplugins\bing.xml

[2010/02/04 05:06:36 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\fxem6dh1.default\searchplugins\conduit.xml

[2011/05/07 20:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/04 15:16:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/23 03:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/24 01:39:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/05/02 17:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

[2011/05/07 20:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions

File not found (No name found) --

() (No name found) -- C:\DOCUMENTS AND SETTINGS\HEATHER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FXEM6DH1.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

[2011/05/02 17:46:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/06/24 08:39:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/28 19:01:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/05/02 17:46:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/05/12 17:26:34 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

[2010/03/08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npmidas.dll

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/08 21:45:31 | 000,433,170 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 14934 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\Virgin Mobile\Broadband Home\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()

O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)

O4 - HKLM..\Run: [uIExec] C:\Program Files\T-Mobile\Mobile Broadband Manager\UIExec.exe ()

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKCU..\Run: [badoo Desktop] C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe (Badoo)

O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)

O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\Virgin Mobile\Broadband Home\VIRGIN MOBILE BROADBAND HOME.exe ()

O4 - HKCU..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.203.65.68 10.203.65.68

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/19 07:27:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/09/13 23:45:26 | 000,000,120 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{4e1cfec0-1531-11e0-8828-001e338b062b}\Shell - "" = AutoRun

O33 - MountPoints2\{4e1cfec0-1531-11e0-8828-001e338b062b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4e1cfec0-1531-11e0-8828-001e338b062b}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{9cfd3796-677b-11e0-88c8-002163bf0b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{9cfd3796-677b-11e0-88c8-002163bf0b3f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9cfd3796-677b-11e0-88c8-002163bf0b3f}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe -- [2010/07/08 12:14:50 | 000,274,432 | R--- | M] (Vodafone)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 00:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2

[2011/05/12 17:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Badoo

[2011/05/12 02:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Local Settings\Application Data\VS Revo Group

[2011/05/12 02:02:34 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys

[2011/05/12 02:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro

[2011/05/12 01:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Start Menu\Programs\Revo Uninstaller

[2011/05/12 01:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2011/05/09 01:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Start Menu\Programs\Google Chrome

[2011/05/04 19:01:44 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srusd.dll

[2011/05/04 19:01:44 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll

[2011/05/04 19:01:37 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys

[2011/05/04 19:01:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll

[2011/05/04 19:01:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll

[2011/05/03 14:44:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/05/02 17:47:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/05/02 17:47:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/05/02 17:47:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/05/02 17:47:06 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/04/27 17:48:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe

[2011/04/26 22:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\licenses

[2011/04/26 22:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\PCMM2009

[2011/04/26 22:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\PCMM2011

[2011/04/26 21:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC

[2011/04/26 21:42:46 | 000,000,000 | ---D | C] -- C:\Drivers

[2011/04/26 05:47:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/04/26 05:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/26 05:46:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/04/26 04:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Start Menu\Programs\HiJackThis

[2011/04/26 04:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/04/25 21:02:41 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011/04/25 21:02:41 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011/04/25 21:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2011/04/25 21:02:37 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011/04/25 21:02:37 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011/04/25 21:02:37 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011/04/25 21:02:37 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011/04/25 21:02:37 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011/04/25 21:02:37 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011/04/25 21:02:16 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011/04/25 21:02:16 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011/04/25 16:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegWork

[2011/04/25 11:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2011/04/25 11:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/04/25 11:10:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Heather\Recent

[2011/04/25 11:10:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2011/04/25 05:50:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe(2)

[2011/04/23 21:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2011/04/23 21:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\AVS4YOU

[2011/04/23 21:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Start Menu\Programs\AVS4YOU

[2011/04/23 21:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU

[2011/04/23 21:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia

[2011/04/23 21:42:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2011/04/23 21:38:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll

[2011/04/23 21:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU

[2011/04/23 20:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\My Documents\stereo_files

[2008/09/19 08:26:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/19 04:02:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2577866921-869302320-1379617784-1007UA.job

[2011/05/19 02:12:23 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job

[2011/05/19 02:12:23 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\WinMaximizer-Heather-Startup.job

[2011/05/19 02:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/19 02:11:40 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/19 02:08:09 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\Google Chrome.lnk

[2011/05/19 02:08:09 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/19 00:33:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job

[2011/05/18 20:02:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2577866921-869302320-1379617784-1007Core.job

[2011/05/18 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job

[2011/05/18 17:00:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Program Check.job

[2011/05/18 03:21:17 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2011/05/18 03:21:10 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/05/18 03:16:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/17 18:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job

[2011/05/17 08:49:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/05/17 07:53:42 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\Internet Explorer Troubleshooting.url

[2011/05/16 00:16:24 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2011/05/15 08:47:15 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/05/15 04:35:26 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC.job

[2011/05/14 20:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Registry Winner Schedule.job

[2011/05/13 14:04:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/05/12 02:02:35 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2011/05/12 02:02:35 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2011/05/12 01:35:23 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\Revo Uninstaller.lnk

[2011/05/11 20:38:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Heather\My Documents\MBR.dat

[2011/05/10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011/05/10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011/05/10 13:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011/05/10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011/05/08 21:45:31 | 000,433,170 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/05/07 20:47:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/05/07 20:47:15 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/05/05 23:00:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\Regwork.job

[2011/05/05 18:24:23 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\HiJackThis.lnk

[2011/05/02 17:46:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/05/02 17:46:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/05/02 17:46:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/05/02 17:46:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/05/02 17:46:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/04/27 17:48:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe

[2011/04/26 05:47:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/23 21:55:04 | 000,029,566 | ---- | M] () -- C:\Documents and Settings\Heather\My Documents\$(KGrHqMOKpwE1rGE0vihBNry+g)Qbg~~_12.JPG

[2011/04/23 21:43:33 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\AVS4YOU Software Navigator.lnk

[2011/04/23 21:42:49 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\AVS Image Converter.lnk

[2011/04/23 20:59:52 | 000,003,680 | ---- | M] () -- C:\Documents and Settings\Heather\My Documents\stereo.htm

[2011/04/22 08:07:12 | 000,432,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110508-214531.backup

[2011/04/22 04:24:43 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\Update Checker.lnk

[2011/04/21 21:51:27 | 000,432,016 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110422-080712.backup

[2011/04/20 19:41:47 | 000,431,550 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110421-215127.backup

[72 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 07:53:42 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\Internet Explorer Troubleshooting.url

[2011/05/12 02:02:35 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2011/05/12 02:02:35 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2011/05/12 01:35:23 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\Revo Uninstaller.lnk

[2011/05/11 20:38:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Heather\My Documents\MBR.dat

[2011/05/09 01:39:57 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\Google Chrome.lnk

[2011/05/09 01:39:57 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/04/26 21:55:13 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Program Check.job

[2011/04/26 21:55:12 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC.job

[2011/04/26 05:47:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/26 04:17:41 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\HiJackThis.lnk

[2011/04/25 21:02:42 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2011/04/25 16:44:59 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Regwork.job

[2011/04/23 21:43:33 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\AVS4YOU Software Navigator.lnk

[2011/04/23 21:42:49 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\AVS Image Converter.lnk

[2011/04/23 20:59:52 | 000,029,566 | ---- | C] () -- C:\Documents and Settings\Heather\My Documents\$(KGrHqMOKpwE1rGE0vihBNry+g)Qbg~~_12.JPG

[2011/04/23 20:59:51 | 000,003,680 | ---- | C] () -- C:\Documents and Settings\Heather\My Documents\stereo.htm

[2011/03/12 15:49:50 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2011/01/10 18:26:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat

[2010/08/11 11:43:50 | 000,159,464 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4

[2010/08/04 21:31:03 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\wklnhst.dat

[2010/06/10 11:19:57 | 000,000,022 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2010/03/21 10:50:34 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Heather\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/01 00:19:15 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\Launch Internet Explorer Browser.lnk

[2009/10/19 03:14:13 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2009/09/14 23:33:33 | 011,551,264 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/09/14 23:33:33 | 000,137,248 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2009/09/14 21:45:39 | 000,048,492 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/05/14 01:30:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/04/21 03:50:35 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe

[2009/04/17 17:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/09/19 09:16:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/09/19 08:57:08 | 000,000,563 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini

[2008/09/19 08:26:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2008/09/19 08:21:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/09/19 08:20:28 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/09/19 08:10:02 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll

[2008/09/19 07:52:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll

[2008/09/19 07:51:47 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe

[2008/09/19 07:51:47 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/09/19 07:30:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/09/19 07:25:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/09/19 06:15:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/09/19 06:15:14 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/09/19 06:15:14 | 000,546,012 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/09/19 06:15:14 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/09/19 06:15:14 | 000,110,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/09/19 06:15:14 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/09/19 06:15:14 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/09/19 06:15:14 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/09/19 06:15:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/09/19 06:15:13 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/09/19 06:15:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/09/19 06:15:09 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/04/16 13:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\AVG

[2010/12/18 00:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\AVG10

[2010/04/16 22:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

[2010/08/02 15:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\DriverCure

[2011/04/17 10:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\ErrorExpert

[2011/04/18 03:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\GlarySoft

[2009/12/27 12:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IObit

[2011/04/26 22:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\licenses

[2010/04/18 23:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Mysteryville2

[2010/08/03 02:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\ParetoLogic

[2011/04/26 22:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\PCMM2009

[2011/04/26 22:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\PCMM2011

[2010/08/04 21:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Template

[2010/09/29 14:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Toshiba

[2011/02/17 04:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Uniblue

[2011/04/15 17:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Vodafone

[2011/04/25 21:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/04/25 11:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2009/11/27 05:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2011/05/12 17:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Badoo

[2009/09/14 18:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations

[2010/12/18 00:46:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/09/14 22:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2010/09/10 17:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2010/08/02 04:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner

[2010/02/24 02:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2011/04/25 11:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/10/13 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/09/14 22:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware

[2009/09/14 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS

[2009/11/19 02:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2010/08/01 18:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2010/05/01 19:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2011/04/25 16:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegWork

[2011/05/15 04:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC

[2011/04/18 03:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/09/25 09:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA

[2011/04/16 14:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone

[2011/04/17 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer

[2008/09/25 09:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2010/08/02 04:30:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}

[2009/04/21 10:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2011/05/19 02:12:23 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job

[2011/05/17 18:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Pareto UNS.job

[2011/05/18 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

[2011/05/19 00:33:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

[2011/05/14 20:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Winner Schedule.job

[2011/05/05 23:00:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\Regwork.job

[2011/05/18 17:00:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Program Check.job

[2011/05/15 04:35:26 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC.job

[2009/04/27 02:42:33 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\System Restore.job

[2011/05/19 02:12:23 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\WinMaximizer-Heather-Startup.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wupdmgr.exe:SummaryInformation

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 19/05/2011 03:56:38 - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Heather\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 49.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.79 Gb Total Space | 94.38 Gb Free Space | 84.43% Space Free | Partition Type: NTFS

Drive D: | 44.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALLEYCAT | User Name: Heather | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"1914:UDP" = 1914:UDP:*:Enabled:Windows Media Format SDK (chrome.exe)

"1915:UDP" = 1915:UDP:*:Enabled:Windows Media Format SDK (chrome.exe)

"1918:UDP" = 1918:UDP:*:Enabled:Windows Media Format SDK (chrome.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Toshiba\ConfigFree\NDSTray.exe" = C:\Program Files\Toshiba\ConfigFree\NDSTray.exe:*:Enabled:ConfigFree Tray -- (TOSHIBA CORPORATION)

"C:\Program Files\Toshiba\ConfigFree\CFXFER.exe" = C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility

"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)

"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer

"{40414716-B992-43AE-97E7-B4B40AECE6E6}" = Badoo Desktop

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel


I'm posting a HijackThis log in the hope it will help you detect any problems:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:54:51, on 19/05/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\TODDSrv.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\Virgin Mobile\Broadband Home\DataCardMonitor.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\T-Mobile\Mobile Broadband Manager\UIExec.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\FileHippo.com\UpdateChecker.exe

C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe

C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\\GoogleEULALauncher.exe IE

O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\Virgin Mobile\Broadband Home\DataCardMonitor.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [uIExec] "C:\Program Files\T-Mobile\Mobile Broadband Manager\UIExec.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Virgin Mobile\Broadband Home\VIRGIN MOBILE BROADBAND HOME.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background

O4 - HKCU\..\Run: [badoo Desktop] "C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.4.0.925\Badoo.Desktop.exe"

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - C:\WINDOWS\system32\SHDOCVW.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com/ig/redirectdomain?brand=TSED&bmod=TSED

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVAST Software - (no file)

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVAST Software - (no file)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--

End of file - 11415 bytes

This topic is now closed to further replies.